SAN JOSE, Ca. – In Symantec’s Monthly Phishing Report, the company noted that the financial sector, including e-commerce and banking sites, accounted for the majority of the phishing attacks, which made up 84 per cent of total fraud activity.

“We will probably see a spike over the next couple of months with tax revenue phishing scams targeting the IRS and government agencies,” said David Cowings, senior manager of operations with Symantec.

Next in line was the information services sector at 13 per cent. Cowings noted that ISPs aren’t being targeted for financial gain but for other purposes like sending spam e-mails to launch a vicious attack.

In other findings, a total of 17,417 unique websites were recorded, with a total of 227 known brands being targeted by phishers.

As well, Symantec noted a decrease of 12.57 per cent from the previous month in attacks from phishing kits. Cowings believes that this decrease can be attributed to the larger use of randomized domains.

“Phishing kits are being used to employ several domains and not necessarily as a large blanket of domains they rotate to. These phishing kits might be tied into the use of botnets that use a small number of domains,” he added.

Additionally, a total of 1803 attacks used IP addresses instead of domain names in the URL field. According to the report, this is a tactic used to hide the actual fake domain name, which otherwise can be easily noticed. Also, many banks use IP addresses in their website URLs. This makes it difficult for customers to distinguish a legitimate brand IP from a fake IP address.

To determine whether someone is visiting a legitimate or a phishing site, Cowings advised that people need to start reading URLs from right to left.

He explained that the real domain always appears after the first forward slash that one sees from reading the URL backwards.

Another finding is that 293 domains, spoofing 51 brands, were used for mounting typo-squatting attacks. This type of attack refers to the practice of registering domain names that are typo variations of financial institution websites or other popular websites.

“[Typo-squatting] causes damage to brand recognition for that financial institution,” said Cowings. He added that Symantec is starting to see a reduction in typo-squatting as anti-phishing security companies are starting to catch on to this tactic and are warning financial institutions. In fact, Cowings said that banks are starting to buy all the different variations of their domain to prevent this kind of attack.
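The three checks discussed above (IP addresses in place of a domain name, reading the host name from right to left, and typo variations of a brand's domain) can be combined in a small URL triage routine. This is an added example, not code from the Symantec report; the brand list, the two-label domain rule and the edit-distance threshold of 2 are assumptions made for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed brand list for illustration; a real deployment loads its own.
BRANDS = {"examplebank.com", "example-pay.com"}

def edit_distance(a, b):
    """Levenshtein distance using a rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def registered_domain(host):
    """Last two labels of the host, read right to left.
    Assumption: a two-label rule; production code should consult the
    Public Suffix List so that suffixes such as co.uk are handled."""
    labels = host.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])

def classify(url):
    """Return (verdict, host_or_domain) for one URL."""
    host = urlsplit(url).hostname or ""
    try:
        ipaddress.ip_address(host)          # host is a raw IPv4/IPv6 address
        return ("ip-literal", host)
    except ValueError:
        pass
    domain = registered_domain(host)
    if domain in BRANDS:
        return ("brand", domain)
    # Assumed threshold: at most 2 edits away from a protected brand domain.
    if any(edit_distance(domain, brand) <= 2 for brand in BRANDS):
        return ("possible-typosquat", domain)
    return ("unrelated", domain)
```

A brand name placed in the leftmost labels, as in `examplebank.com.login.example.net`, does not change the verdict, because only the rightmost labels decide who controls the site.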

Among the non-English phishing sites, Italian language phishing sites were most frequently recorded, followed by sites in French and German. Cowings believed that these countries feature a lot of novice Internet users, which makes them a better target for phishers.

Com, Net and Org were the generic TLDs (Top Level Domains) used with the greatest frequency representing 66 per cent, 11 per cent and nine per cent of the total phish attacks respectively. TLDs such as edu, gov, mil and the secondary level domain ‘ac’ are owned by educational institutions and government websites and are normally very secure, the Symantec report noted.

This column was written by Vanessa Ho of ConnecIT
