There has been a dramatic increase in the number of phishing attack sites according to the latest report from the security industry’s Anti-Phishing Working Group.
The number of rogue sites, set up to tempt users into giving their on-line security details, increased 29% in November 2004 compared with October of the same year.
The report for last November’s activity also shows there were 1518 active phishing sites, and that 51 brands were hijacked by phishing campaigns.
Almost 70% of these sites had no hostname, just an IP address, and the average time they were online was 6.2 days, before disappearing. The sites operating for the longest time lasted 31 days.
Dan Hubbard, an analyst at Websense Security Labs, said, "Although the characteristics of the sites containing malicious code are not all the same, most of them wait for end-users to access known financial and e-commerce sites, and then either replace the site with their own hosted version or capture the keystrokes of the end-user.
"Keyloggers have also been part of many blended attacks and have spread through many recent highly publicised worms," he said.