The number of new phishing attacks reported has risen by an average of 50 percent per month in the first six months of this year, according to the Anti-Phishing Working Group (APWG), which monitors such attacks.
Phishing attacks use spoofed e-mails and fraudulent Web sites to masquerade as legitimate business sites. The fake sites are designed to fool respondents into entering personal financial data such as credit card numbers, account user names, and passwords, which can then be used for financial theft or identity theft.
Phishers launched 1422 new attacks in June, up 19 percent on the 1197 recorded in May and more than 12 times as high as the 116 attacks reported in December 2003, APWG reported on its Web site this week. The count broke 1000 in April.
Most phishing attacks are aimed at customers of banks in the United States, England, and Australia, although online e-commerce companies such as eBay and PayPal are often also targeted.
Citibank is the current favorite of phishing criminals, with 470 separate attacks made in June, compared to the 285 attacks aimed at eBay. Lloyds TSB Bank PLC is the main U.K. target with 24 attacks in June, and Westpac Banking of Australia was attacked 11 times.
The APWG has over 400 members including eight of the top ten U.S. banks, four of the top five U.S. ISPs (Internet service providers) and law enforcement bodies from Australia, Canada, the U.K. and U.S.
Internet security company Websense issued its own analysis of the APWG report, finding that:
- The U.S. hosted the most phishing Web sites in June, at 27 percent of all sites
- The average lifespan of a phishing site in June was 2.25 days
- 25 percent of phishing Web sites were hosted on hacked Web servers
- 94 percent of phishing Web sites were configured to allow criminals to remotely download captured personal data.