The Anti-Phishing Working Group (APWG) this week reported that the financial services sector peaked at 85% of all reported phishing attacks during December, a deepening concentration of a sector that ran usually between 70-80% of all reporting phishing attacks.
APWG Chairman David Jevans said, "No brand is really safe, but it is interesting to note that the concentration on phishing attacks against financial institutions actually increased to a new high during a time when many were concerned that opportunistic phishers would spoof retail sites, using consumers urgency to keep their e-commerce accounts in order to complete their holiday shopping in time."
The APWG report also suggests that the proliferation in the number of attack targets continues to rise, running from 44 in October, 51 in November to 55 in December.
"The concurrent proliferation of targeted brands and concentration of phishing focus on financial institutions is, of course, disturbing. While not quite yet definable as a trend, the survey suggests movements in the fragmentation of brand targets that we will be asking our analysts to interrogate in greater depth in future reports," said Chairman Jevans.
The report authored jointly by analysts from Websense(R) Security Labs(TM) and Tumbleweed Communications for the APWG shows the relentless increases in phishing attacks that have been apparent all through 2004:
- Number of active phishing sites reported in December: 1707
- Average monthly growth rate in phishing sites July through December: 24%
- Number of brands hijacked by phishing campaigns in December: 55
- Country hosting the most phishing websites in December: USA
- Contain some form of target name in URL: 24%
- No hostname just IP address: 63%
- Average time online for site: 5.9 days
- Longest time online for site: 30 days