Report: Phishing Domain Registrations Way Down

Online criminals registered far fewer Web domains for use in phishing attacks in the first half of 2011, in what may signal a decrease in phishing scams, according to a  global phishing survey released this month by the Anti-Phishing Working Group (APWG). 

PhishingOnline criminals registered far fewer Web domains for use in phishing attacks in the first half of 2011, in what may signal a decrease in phishing scams, according to a  global phishing survey released this month by the Anti-Phishing Working Group (APWG). 

In all, the group observed phishing attacks against 520 target institutions, among them: leading banks, e-commerce Web sites, Internet Service Providers (ISPs), lotteries, government tax bureaus, postal services, and stock-holding securities companies. Of just under 80,000 phishing domains reported, only 18 percent (14,650) were believed to have been registered by the phishers themselves. That figure is down from the second half of 2010, when phisher-registered domains accounted for 28 percent of such domains. Furthermore, the median uptimes for such scams were the lowest the APWG has ever recorded, the group said. 

Registrations of suspected phishing domains that contain recognizable brand-names are down significantly from past surveys.

However, the drop was not seen everywhere. Chinese language phishing domains accounted for 70 percent of the 14,650 malicious domain name registrations APWG observed – a 44 percent increase from the previous quarter. Many of those phishing scams are targeting Chinese Internet users, but reside on systems operated by low-priced domain providers located outside of the PRC.

APWG said that it saw an increase in phishing scams that rely on compromises of shared virtual servers and using those systems as attack platforms is increasing in popularity. This method now accounts for 37 percent of all phishing attacks, allowing scammers to cast a wide net, using high volume attacks originating from large numbers of domain names. 

Phishers continued to rely heavily on subdomain registration services in the first half of 2011, while attacks that exploited URL shortening services like bit.ly were surprisingly rare, the report concluded. 

You can find the entire APWG report here [.pdf].

Suggested articles

It’s Not the Trump Sex Tape, It’s a RAT

Criminals are using the end of the Trump presidency to deliver a new remote-access trojan (RAT) variant disguised as a sex video of the outgoing POTUS, researchers report.