
Friday, March 5, 2010

APWG Report: More Brands Subject to Criminal Exploitation than Ever, with Record High in Q4, 2009

http://www.antiphishing.orgIncreasing reports of customized, focused phishing attacks against high-value targets point to troubling trend

LOS ALTOS, Calif. & CAMBRIDGE, Mass.--(EON: Enhanced Online News)--The APWG’s Q4, 2009 Phishing Activity Trends Report reveals that eCrime syndicates are expanding the base of brands they exploit for online fraud far beyond major financial institutions and online merchants, with the number of hijacked brands reaching a record 356 in October, up nearly 4.4 percent from the previous record of 341 in August 2009.

APWG Secretary General Peter Cassidy said, “No brand is safe from the threat of spoofing for the purposes of online fraud. Once, only the largest banks were targeted. Now, every kind of enterprise from banks and credit unions of all sizes to charities to, in a recent case, a hardware manufacturer, are now seeing their brands exploited in all manner of fraud scheme.”

While the number of unique phishing reports submitted to the APWG in Q4 declined nearly 29 percent from the all-time high of 40,621 in August, dropping to 28,897 reports in December, the statistics obscure a more troubling trend. Member reports to APWG and research reviews in Q3 and Q4, however, reveal a substantial increase in phishing focused on high-value targets such as personnel with treasury authority.

APWG Chairman Dave Jevans said, “Spear-phishing and whale-phishing, where targeted individuals inside of corporations, or of high net worth, appears to be increasing.

“Phishers and malware attackers are sending emails to individuals in a highly targeted fashion, attempting to gain access to corporate online banking systems, corporate VPN networks, and other online resources. These attacks do not contribute significantly to the overall number of unique phishing emails that are sent, as they are not using broad-based spam. Rather, the attackers customize their email messages to target individual users,” Jevans said.

The report is available here:

The APWG Q4, 2009 Trends Report, combining data from APWG members MarkMonitor, Websense and Panda Security with the APWG’s own statistics, also reported:

● October’s high of 46,522 unique phishing websites detected by the APWG was down 18 percent from the August, 2009 record high of 56,362

● The number of unique brand-domain pairs rose to a quarter high of 23,380 in October, still down 4 percent from the all-time high of 24,438 in August, 2009

● There was an increase in rogueware variations of 36 percent in Q4 (252,025), up from Q3 (158,980)

● The total number of infected computers dropped to 10,305,805 in Q4, representing more than 47.8% percent of the total sample of scanned computers, the lowest infection rate recorded in 2009

The results of the Q4 report are of grave concern to the global membership of the APWG and the research centers, treaty organizations, law enforcement agencies, government agencies and industry associations with which the APWG corresponds.

Those members, correspondents and researchers from around the world will be considering the results of this Trends report and other eCrime research at the fourth annual Counter-eCrime Operations Summit (CeCOS) in Sao Paulo, Brazil on May 11-13. CeCOS IV is a three-day event that examines the eCrime phenomenon from the point of view of the responder or manager who has to engage eCrime on a workaday basis. The conference is sponsored by EasySolutions and MarkMonitor and co-hosted by

The conference agenda is here:

About the APWG

The APWG, founded in 2003 as the Anti-Phishing Working Group, is a global industry, law enforcement, and government coalition focused on eliminating the identity theft and fraud that result from the growing problem of phishing, email spoofing, and crimeware. Membership is open to qualified financial institutions, online retailers, ISPs, the law enforcement community and solutions providers. There are more than 1,800 companies, government agencies and NGOs participating in the APWG and more than 3,500 members. The APWG's Web site offers the public and industry information about phishing and email fraud, including identification and promotion of pragmatic technical solutions that provide immediate protection.

Thanks for Visiting - Bookmark us or Add to your Favorites and Find Out What's Going on Tomorrow in the Payments Industry