The number of phishing websites associated with online
identity theft scams grew by 33% in November, after dropping off in
September and early October, according to data compiled by the
Anti-Phishing Working Group (APWG).
The group received reports of 1,518 active phishing sites during
November, up from 1,142 in October.
Reports of phishing websites have grown by an average rate of
28% monthly since July, as scam artists broadened their efforts to
lure customers of companies that do business online, according to
Peter Cassidy, secretary general of the APWG.
The APWG is an industry group of representatives from law
enforcement and private sector companies, including leading
internet service providers, banks and technology suppliers.
Phishing scams are online crimes that use spam to direct
internet users to websites that are controlled by thieves, but
designed to look like legitimate e-commerce sites. Users are asked
to provide sensitive information such as a password, bank account
information or a credit card number, often under the guise of
updating an account.
Customers of 51 online brands were targeted by phishing scams in
November, compared with 44 brands in October, Cassidy said.
However, just six companies drew more than 80% of all phishing
scams, he said.
The APWG no longer identifies the organisations that were the
most popular targets of phishing scams, citing resistance from the
group's industry members, he said. However, eBay and Citibank were
phishers' top targets in past months, according to previous APWG
reports.
The creation of phishing websites in October and November
resumed the torrid pace it reached in mid-August, after dropping
off for much of September.
Phishing attacks have emerged as a potent threat in 2004. More
than 18 million e-mail messages linked to the attacks have been
stopped this year by e-mail security provider MessageLabs.
Industry groups, including the APWG, responded by calling
attention to new attacks and working to shut down websites used in
the scams to harvest personal information from unsuspecting
internet users.
Recently, leading companies and law enforcement agencies
unveiled a new antiphishing initiative.
Digital PhishNet brings together companies such as Microsoft,
America Online and VeriSign with the US Federal Bureau of
Investigation, US Secret Service and US Postal Inspection Service
to improve co-ordination when identifying and shutting down
phishing sites.
As in past months, the US was again the most frequent host of
fraudulent web pages used in the attacks, Cassidy said.
While phishing attacks may spike during November and December,
which are busy shopping months in the European Union and the US,
the increasing number of antiphishing tools and initiatives will
hopefully bring the number of attacks down in 2005, according to
Neil Creighton, chief executive officer of GeoTrust, a provider of
online digital certificates.
Like other companies, including internet service provider
Earthlink and eBay, GeoTrust distributes a free web browser plug-in
that warns users when they visit phishing websites. Such utilities,
coupled with the efforts of groups like the APWG and Digital
PhishNet, will make life harder for online scam artists, and prompt
consumers and merchants to become more aware about online identity
verification, Creighton said.
Paul Roberts writes for IDG News Service