Phishing Attacks Reach Record High


After several months of decline, phishing attacks rebounded in November 2005 to reach an all-time high, a security organization announced in a new report.

According to data collected by the Anti-Phishing Working Group (APWG), a collection of over 2,000 companies, banks, ISPs, and government agencies, 16,882 unique phishing attacks were reported in November. That was a 6.7 percent increase over October's 15,820 attacks, the previous record.

Since a high of 15,050 attacks in June 2005, the number of phishing campaigns tracked by the APWG dropped steadily for three months before the October spike.

APWG's latest report also noted an increase in the number of URLs hosting malicious code that steals passwords, a more sophisticated identity theft tactic than traditional spam-based phishing. In November, the group spotted 1,044 such sites, a 21 percent increase over October, and 7.7 percent higher than 2005's previous record, September.

The organization also spelled out details of several new, advanced phishing techniques, including hacking into legitimate sites. In one instance, the ShangHai Huizhong Automotive Manufacturing Company, a joint effort between VW and China's state-owned auto maker, was cracked and contaminated with a keylogger that downloaded automatically to users' computers.

The United States remains the number one country in hosting bogus phishing sites, added the APWG; the U.S. hosted a third of the world's phishing sites in November. Coming in at second and third were South Korea and China, respectively.