Security Experts:

APWG Report: PayPal No Longer The Most Phished Brand

PRAGUE, CZECH REPUBLIC Counter eCrime Operations Summit - The results of a recent study released by the Anti-Phishing Working Group (APWG) at its Counter-eCrime Operations Summit (CeCOS VI) taking place this week in Prague, showed that PayPal has lost its spot as the most phished brand globally.

APWGAccording to the report from the Anti-Phishing Working Group, an industry organization focused on combating Phishing and cybercrime, in the second half of 2011, China’s Taobao.com Surpassed PayPal to become the world’s most frequently phished brand target.

For those unfamiliar with Taobao.com, it is one of China's largest e-commerce sites offering online shopping and auctions, similar to Amazon and eBay.

PayPal has long held the crown as the world’s most frequent phishing target due to its ubiquity and massive user base.

According to numbers furnished by the APWG, during the second half of 2011 there were 18,508 phishing attacks against Taobao.com, numbers that the organization says represents 22 percent of all the phishing attacks recorded worldwide. While Taobao.com holds the number one spot, the report also noted a drop in phishing attacks against PayPal.

“Attacks by Chinese phishers have exploded, as they take advantage of China’s stream of new Internet users,” said Greg Aaron of Afilias, one of the paper’s co-authors who presented the findings to an audience in Prague today. “But the problem is not limited to China—these phishers use hosting and domain names based in the U.S. and Europe. It’s a reminder that e-crime often requires international solutions. Fortunately there is data-sharing and cooperation happening to combat the problem.”

Additionally, for the first time, the report notes that the malicious use of subdomain registration services eclipsed the registration of regular domain names by phishers. By the APWG’s numbers, there were 17,390 phishing attacks hosted on subdomain services in the second half of 2011, using 16,664 unique subdomains, representing a 38% increase over the 12,574 attacks the group recorded in during the first half of 2011.

“This is a clear example of phishers gravitating towards services they can readily abuse,” said Rod Rasmussen, CTO of Internet Identity and the study’s other co-author. “Use of subdomain services is a challenge because only the subdomain providers themselves can effectively mitigate these phish. While many of these services are responsive to complaints, few take proactive measures to keep criminals from abusing their services in the first place.”

In the second half of 2010, the APWG identified 587 institutions as phishing targets. In the first half of 2011, they recorded 520 targets. In a continued positive trend, the number dropped to 487 institutions in the second half of 2011. The drop is attributed to the fact that phishers are concentrating on larger or more popular targets. During the second half of 2011, the top 20 targets accounted for 78% of the world’s phishing attacks, and half of the targets were attacked only once or twice.

Additionally, in the second half of 2011, the average uptimes of all phishing attacks dropped notably. The average uptime in 2H2011 was 46 hours and 3 minutes, compared to a high of 73 hours in 2H2010. The median uptime in 2H2011 was 11 hours and 43 minutes, up slightly from the previous period, the report noted.

In its sixth year, the Counter eCrime Operations Summit (CeCOS VI) taking place this week focuses on "harmonizing operational issues, cybercrime data exchange, and industrial policies to strengthen and unify global anti-cybercrime efforts." Event sponsors include AVG, Google, Microsoft, MarkMonitor, ESET, Telefonica and ICANN.

The full report is available here.

Subscribe to the SecurityWeek Email Briefing
view counter