PayPal no longer the most phished brand
Posted on 27 April 2012.
Bookmark and Share
A new phishing survey released by the Anti-Phishing Working Group (APWG) reveals that in the second half of 2011, China’s Taobao.com became the world’s most frequently phished brand target, exceeding the previously most-victimized brand, PayPal.

Taobao.com is one of China's largest e-commerce sites, specializing in business-to-consumer and consumer-to-consumer transactions, similar to eBay and Amazon.

For several years, PayPal had been the world’s most frequent phishing target, due to PayPal’s ubiquity and its popularity with consumers. In 2H2011, there were 18,508 phishing attacks against Taobao.com – 22 percent of all the phishing attacks recorded worldwide. There was also drop in attacks against PayPal.

“Attacks by Chinese phishers have exploded, as they take advantage of China’s stream of new Internet users,” said Greg Aaron of Afilias, one of the report’s co-authors. “But the problem is not limited to China—these phishers use hosting and domain names based in the U.S. and Europe. It’s a reminder that e-crime often requires international solutions. Fortunately there is data-sharing and cooperation happening to combat the problem.”

Globally, for the first time, malicious use of subdomain registration services eclipsed the registration of regular domain names by phishers.

There were 17,390 phishing attacks hosted on subdomain services in the second half of 2011, using 16,664 unique subdomains. This was a 38 percent increase from the 12,574 attacks we recorded in 1H2011.

“This is a clear example of phishers gravitating towards services they can readily abuse,” said Rod Rasmussen, CTO of Internet Identity and the study’s other co-author. “Use of subdomain services is a challenge because only the subdomain providers themselves can effectively mitigate these phish. While many of these services are responsive to complaints, few take proactive measures to keep criminals from abusing their services in the first place.”

Other highlights of the report include:
  • In 2H2011, the average uptimes of all phishing attacks dropped notably.
  • The number of targeted institutions dropped, as phishers concentrated on larger or more popular targets.
  • Malicious domain name registrations are concentrated by domain registrar, and by TLD.
For more details, get the report.





Spotlight

Security pros and government failing to collaborate

Posted on 17 April 2014.  |  More effective collaboration between government and the information security industry is crucial to protecting organizations from future cyber threats. More work needs to be done to strengthen government’s position as a source of information on potential threats.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Thu, Apr 17th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //