Spring edition May 2010
Phishing has always been attractive to criminals because it has low start-up costs and few barriers to entry. But by mid-2009, phishing was dominated by one player as never before—the ―Avalanche‖ phishing operation. This criminal entity is one of the most sophisticated and damaging on the Internet, and perfected a mass-production system for deploying phishing sites and ―crimeware‖ – malware designed specifically to automate identity theft and facilitate unauthorized transactions from consumer bank accounts. Avalanche was responsible for two-thirds (66%) of all phishing attacks launched in the second half of 2009, and was responsible for the overall increase in phishing attacks recorded across the Internet.
The statistics also show that phishing remained highly localized in certain Internet namespaces, and that some anti-phishing measures had noticeable impacts. While phishing remains a damaging phenomenon involving many millions of dollars in losses, the increasingly ―concentrated‖ nature of much phishing offers some opportunities for improved response and mitigation.
This report seeks to understand such trends by quantifying the scope of the global phishing problem, especially by examining domain name usage and phishing site uptimes. Specifically, this new report examines all the phishing attacks detected in the second half of 2009 (―2H2009‖, or July 1, 2009 through December 31 2009). The data was collected by the Anti-Phishing Working Group, supplemented with data from several phishing feeds and private sources. The APWG phishing repository is the Internet’s most comprehensive archive of phishing and e-mail fraud activity.1 We hope that bringing new trends to light will lead to improved anti-phishing measures.