Phishing Web Sites Grew by 33 Percent in November

Phishing Web Sites Grew by 33 Percent in November

The number of phishing Web sites associated with online identity theft scams grew by 33 percent in November, after dropping off in September and early October, according to data compiled by the Anti-Phishing Working Group (APWG).The group received reports of 1,518 active phishing sites during November, up from 1,142 in October. Reports of phishing Web sites have grown by an average rate of 28 percent monthly since July, as scam artists broadened their efforts to lure customers of companies that do business online, according to Peter Cassidy, secretary general of the APWG. The APWG is an industry group of representatives from law enforcement and private sector companies, including leading Internet service providers, banks and technology vendors.Phishing scams are online crimes that use spam to direct Internet users to Web sites that are controlled by thieves, but designed to look like legitimate e-commerce sites. Users are asked to provide sensitive information such as a password, bank account information or a credit card number, often under the guise of updating an account.Customers of 51 online brands were targeted by phishing scams in November, compared with 44 brands in October, Cassidy said. However, just six companies drew more than 80 percent of all phishing scams, he said.The APWG no longer identifies the organizations that were the most popular targets of phishing scams, citing resistance from the group's industry members, he said. However, eBay and Citibank were phishers' top targets in past months, according to previous APWG reports.The creation of phishing Web sites in October and November resumed the torrid pace it reached in mid-August, after dropping off for much of September.Phishing attacks have emerged as a potent threat in 2004. More than 18 million e-mail messages linked to the attacks have been stopped this year by e-mail security provider MessageLabs.Industry groups, including the APWG, responded by calling attention to new attacks and working to shut down Web sites used in the scams to harvest personal information from unsuspecting Internet users.Recently, leading companies and law enforcement agencies unveiled a new antiphishing initiative. Digital PhishNet brings together companies such as Microsoft, America Online, and VeriSign with the U.S. Federal Bureau of Investigation, U.S. Secret Service and U.S. Postal Inspection Service to improve coordination when identifying and shutting down phishing sites.As in past months, the U.S. was again the most frequent host of fraudulent Web pages used in the attacks, Cassidy said.While phishing attacks may spike during November and December, which are busy shopping months in the European Union and the U.S., the increasing number of antiphishing tools and initiatives will hopefully bring the number of attacks down in 2005, according to Neil Creighton, chief executive officer of GeoTrust, a provider of online digital certificates.Like other companies, including Internet service provider Earthlink and eBay, GeoTrust distributes a free Web browser plugin that warns users when they visit phishing Web sites. Such utilities, coupled with the efforts of groups like the APWG and Digital PhishNet, will make life harder for online scam artists, and prompt consumers and merchants to become more aware about online identity verification, Creighton said.

Report Phishing** The Anti-Phishing Working Group is a volunteer organization. Due to the significant increase in phishing volumes and reports, there may be some delay in processing your phishing reports and membership requests. **We are building a repository of phishing scam emails and websites to help people identify and avoid being scammed in the future. If you have received a phishing email and would like to submit it to Anti-Phishing Working Group, please send it to reportphishing@antiphishing.org. We will review the message and any websites to which it links, and post it to the Phishing Archive on this site.Instructions for Submitting Phishing EmailAssuming you use Outlook or Netscape:
1. Create a new mail to reportphishing@antiphishing.org.
2. Drag and drop the phishing email from your inbox onto this new
email message. In Netscape drop it on the 'attachment' area.
3. Do not use "forward" if you can help it, as this approach loses information and requires more manual processing. The exception is when you use the Web interface to outlook: in that case forward is the only solution.