What do financial institutions, ePayment services, social networking sites and email services have in common? The answer is they make up the majority of the types of brands targeted by phishing kits.
According to an analysis of nearly 9,000 phishing kits by PhishLabs, those four categories account for 77 percent of such brands, with financial institutions coming in first (21 percent). The next most prevalent types of sites were eCommerce sites, which accounted for nine percent.
A phishing kit is a collection of files that typically includes web pages, images, scripts and webserver code that can be installed on a webserver, explained Don Jackson, director of threat intelligence at PhishLabs. The kits are sometimes made available for free, but the ones that are often include backdoors that allow the kit’s author or seller to receive copies of any stolen data or even take control of the server hosting the kit, he noted.
“Some of the kits analyzed were obviously intended for widespread, indiscriminate distribution,” Jackson blogged. “Others were more targeted or customized for private use, and some appeared to be hand-crafted for a particular purpose or an exclusive target. In addition to showing up high in search results through malicious SEO (search engine optimization) tactics, links to phishing websites using these kits are delivered via spam email, SMS test messages, instant messenger services, and posts on social media websites and blogs.”
While phishing kits are just one piece of the puzzle, other studies have shown phishers paying similar levels of attention to the same types of sites. For example, Kaspersky Lab published an analysis of its own recently that was based on clicks on phishing URLs by its customers. According to their report, email services and social networks made up roughly 60 percent of all phishing sites.
In addition, the Anti-Phishing Working Group reported that the payment services (46.51 percent) and financial industry (20.1 percent) makeup the majority of the targets during the first quarter of 2014. The retail industry comprised 11.48 percent of victims.
APWG detected an average of 41,738 new phishing attacks each month during the first quarter.
“The United States continued to be the top country hosting phishing sites during the first quarter of 2014,” according to the APWG report. “This is mainly due to the fact that a large percentage of the world’s Web sites and domain names are hosted in the United States.”
All together, APWG found 557 different brands or institutions targeted by phishers during the first three months of the year. This was up from the 525 during the fourth quarter of 2013.
“The number and diversity of phishing targets continued to increase,” said Greg Aaron, APWG senior research fellow and president of Illumintel, in a statement. “Almost any enterprise that takes in personal data via the Web is a potential target.”