Phishing websites reach all-time high

New detection technnology accounts in part for the rise which still shows how cybercriminals are still hard at work
  • Jeremy Kirk (IDG News Service)
  • — 20 July, 2012 03:05

The number of phishing websites detected reached an all-time high earlier this year, a sign that making fake websites spoofing real ones is still a lucrative trade for cybercriminals.

In its latest report, the Anti-Phishing Working Group (APWG) said 56,859 phishing sites were detected in February, beating the previous record high in August 2009 by nearly 1 percent. APWG is a nonprofit consortium composed of banks, security vendors and others with a stake in tracking cybercrime trends.

Phishing sites are websites that look nearly identical to the legitimate ones and often mimic known brands. Leveraging the trust users put in the legitimate companies, cybercriminals succeed in tricking victims into divulging logins, passwords and other sensitive information.

The APWG noted in its report that the increase in the number of phishing websites was in part due to new technology that it began using earlier this year to detect fraudulent sites.

More than 38 percent of the fake websites were related to financial services, according to the APWG's report. The second most spoofed market vertical was payment services, followed by retail and other service sites. The sites spoofed 392 brands, also a new record.

"All manner of commerce is transacted online today and in that are opportunities for new and provocative scams, leveraging some part of the customer-enterprise relationship that is unique to the domain," said Peter Cassidy, secretary general of the APWG. "People are tougher to fool with phishing, but they still can be in the hands of a creative scam artisan."

The U.S. hosted the most fake sites. About half of the phishing sites for the first quarter of 2012 used some form of a brand in their URL, which often tricks people.

On the bright side, though, phishing sites are being taken down faster than ever due to better security technologies. But "the problem is a lot of campaign schemes are built around deployment of lots of landing websites for a single campaign to complicate the work of putting down the attacks," Cassidy said.

Send news tips and comments to jeremy_kirk@idg.com

Comments are now closed.
CSO Corporate Partners
  • Webroot
  • Trend Micro
  • NetIQ
rhs_login_lockGet exclusive access to CSO, invitation only events, reports & analysis.
CSO Directory

NetIQ iSeries Security

The NetIQ iSeries Security Solutions helps you eliminate security risks and maintain business continuity

more »

Submit your own security event

Submit your training courses

Security Awareness Tip

Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).


  1. Have an incident response plan.

  2. Pre-define your incident response team 

  3. Define your approach: watch and learn or contain and recover.

  4. Pre-distribute call cards.

  5. Forensic and incident response data capture.

  6. Get your users on-side.

  7. Know how to report crimes and engage law enforcement. 

  8. Practice makes perfect.

For the full breakdown on this article

Security ABC Guides

Warning: Tips for secure mobile holiday shopping

I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.

Read More
more »