The number of days a phishing site remains online has dropped to an average of 5.5 days, a sign that countermeasures against fraudulent Web sites are being enacted with increased speed, according the Anti-Phishing Working Group (APWG), which monitors phishing trends and online crime.
Phishing is characterised by attempts to fraudulently acquire sensitive information, such as passwords and credit card details, by masquerading as a trustworthy person or business in an apparently official electronic communication, such as an email or an instant message.
"It's a complete victory," said Peter Cassidy, secretary general of APWG. "It means the work by the forensic and counterphishing community is working."
In its August 2005 phishing report released Thursday, the APWG found that for the second consecutive month, the number of reported new phishing campaigns declined, but the number of new phishing sites reached an all-time high of 5,259. In July, 4,564 sites were reported, the APWG said.
The group's report - which also tracks the number of servers supporting phishing, novel crimeware deployments and new URLs (uniform resource locators) exposing consumers to malevolent programs - is available at www.antiphishing.org.
As recently as 18 months ago, operators of phishing sites could be pretty confident a site would function for a week or more, collecting information such as user names and passwords to banking sites and other sensitive data. But Cassidy said now when phishing sites are detected, ISPs (Internet service providers) are contacted and the sites are taken down faster.
Also, banks and other organisations are doing pre-emptive analyses of their own Web logs to make sure they are not being copied for a counterfeit site, he said.
"You add all of this up and it's getting harder to launch an attack," Cassidy said.
To combat the counterphishing techniques, phishers are now setting up multiple sites so that if one is taken down, another pops up, Cassidy said. Redirect schemes are also used where sites change from minute to minute, he said.
It means it is getting more costly to set up phishing operations. "We see evidence of their lives getting harder and more expensive," Cassidy said.
But until phishing gets to be more expensive than selling drugs or stolen car parts, the scams are unlikely to decline, Cassidy said.
APWG is in the process of automating how it compiles statistics on phishing, crimeware and online identity theft problems. The group completely relies on human reporting for its data, Cassidy said.
Much of the checking of questionable Web sites by APWG is done by sorting through the submitted data manually, Cassidy said. APWG is changing the system to automatically sort out e-mail that is not classified as phishing, such as so-called "419" pitches, he said. In 419 scams involve lotto schemes, prize claims and other forms of fee solicitation.
October 27-28, 2005. At MacExpo, Olympia National Hall, London
Macworld has gathered the world's best Mac experts for this year's Conference, which focuses on two areas: Mac OS X and profesional design.
Mac OS X: David Pogue (author of many best-selling Mac books, and the technology correspondent for the New York Times) leads the Mac OS X stream, alongside Macworld's hilarious back-page columnist Andy Ihnatko.
Design Pro: Deke McClelland (author of The Photoshop Bible, and inductee of the Photoshop Hall of Fame) runs a masterclass on Adobe Photoshop and other Creative Suite applications, with digital-artist Steve Caplin and photographer Martin Evening. Quark Product Architect Dan Logan flies in from the US to show the world's first full demonstration of the ground-breaking QuarkXPress 7.0.
Discover the hidden tips and tricks utilised by the Mac's top practitioners to dramatically enhance your skills and gain the insights you need to get the most from your technology investment.
Click here for more details.