Martijn Grooten
2011-11-16 15:18:28 UTC
The anti-phishing working group (APWG) published a report on phishing in the first half of 2011:
http://www.apwg.org/reports/APWG_GlobalPhishingSurvey_1H2011.pdf
Lots of statistics on phishing, such as a significant rise in attacks compared to the previous six months, which was largely due to attacks on Chinese organisations and their customers.
One thing I found interesting, and which prompted me to post about it here, is that only 2% of the phishing domains contained the brand name of a variation thereof (e.g. paypaI dot com) and they've only seen two examples of phishing attacks using IDNs and homographs (e.g. fácebook dot com) in since 2007.
Also, only 18% of the domains used (down from 28%) were registered by the phishers themselves; the other domains were hacked or compromised.
It suggests that phishers do care about the reputation of domains as used by email/web filters (does the domain have a history of legitimate content?), but little about reputation among users (does the domain look like the one I expect for this site?).
I'm not sure about their definition of 'phishing'. This could have some influence on their statistics.
Martijn.
Virus Bulletin Ltd, The Pentagon, Abingdon, OX14 3YP, England.
Company Reg No: 2388295. VAT Reg No: GB 532 5598 33.
http://www.apwg.org/reports/APWG_GlobalPhishingSurvey_1H2011.pdf
Lots of statistics on phishing, such as a significant rise in attacks compared to the previous six months, which was largely due to attacks on Chinese organisations and their customers.
One thing I found interesting, and which prompted me to post about it here, is that only 2% of the phishing domains contained the brand name of a variation thereof (e.g. paypaI dot com) and they've only seen two examples of phishing attacks using IDNs and homographs (e.g. fácebook dot com) in since 2007.
Also, only 18% of the domains used (down from 28%) were registered by the phishers themselves; the other domains were hacked or compromised.
It suggests that phishers do care about the reputation of domains as used by email/web filters (does the domain have a history of legitimate content?), but little about reputation among users (does the domain look like the one I expect for this site?).
I'm not sure about their definition of 'phishing'. This could have some influence on their statistics.
Martijn.
Virus Bulletin Ltd, The Pentagon, Abingdon, OX14 3YP, England.
Company Reg No: 2388295. VAT Reg No: GB 532 5598 33.