Global Phishing Report By Apwg Indicates Surge In Phishing Attacks

By Author: eccuni
Total Articles: 211
Comment this article

Phishing has been one of the common techniques used by cybercriminals to defraud Internet users. However, the attacks have become more sophisticated over the last few years. Information is much more easily available, which could be used to launch targeted attacks. The latest Global Phishing Report by the Anti-Phishing Working Group (APWG) indicates significant rise in average (73 hours) and median uptimes (over 15 hours) of all phishing attacks during the second half of last year. There were around 67,677 phishing attacks worldwide during the second half of last year. Attackers are frequently targeting Chinese e-commerce sites and banking institutions. Taobao, a Chinese online shopping and auction site was the major target of attacks.

Majority of the malicious domain registrations concentrate in .COM, .TK, and .NET top-level domains. .TK domain is associated with the tiny pacific atoll of Tokelau, a New Zealand territory, which has become the third largest country code top-level domain after .de and .uk associated with Germany and United Kingdom. However, the free domain has been misused by cybercriminals for phishing ...
... activities. Cybercriminals made use of 2,429 unique .tk domain names to target 54 different targets worldwide. However, over 80% of the domains were used to phish Chinese organizations.

Phishers detect security flaws in websites and IT infrastructure, identify negligent user practices, gather e-mail lists, register counterfeit domain names, build websites identical to legitimate sites, identify phishing tools and send well-crafted mails to large number of users.

Organizations must take proactive measures to streamline IT security. Professionals qualified in masters of security science could help organizations in strengthening the defenses against security threats. Regulatory authorities must set up restrictions on domain name registration and avoid exploitation of sub-domain registration services.

Counter crime agencies must identify and close phishing sites, initiate steps to enhance user awareness through online degree programs, e-tutorials and security alerts. Internet users must avoid responding to e-mails, which request personal and financial information. They must verify the check the authenticity of the URL through Internal search engines. They must be cautious in providing e-mail addresses on websites to avoid spam e-mails. Users can verify the authenticity of a banking site by clicking on the padlock. Valid padlocks display security certificate on single or double-click, whereas fake padlocks may not display any information.

Organizations may collaborate with educational institutions and encourage employees to undertake online university degree courses on cyber security to foster security conscious culture.