APWG Refines Its Reporting Methodology; Latest Report Indicates Counter-Phishing Measures Compelling Phishers to Work Harder; Use More Resources.MENLO PARK, Calif. & CAMBRIDGE, Mass. -- The Anti-Phishing Working Group The AntiPhishing Working Group (APWG) is a consortium that brings together businesses affected by phishing attacks, businesses that provide security products and law enforcement. The APWG has more than 2700+ members from more than 1600 companies & agencies worldwide. (APWG APWG Anti-Phishing Working Group APWG Action Plan Work Group APWG Acquisition Policy Working Group APWG Advocates for Prostituted Women and Girls APWG AFSCN Prioritization Working Group APWG AFSCN Priorities Working Group ) today released their August 2005 phishing report and announced refinements to the group's monthly phishing trends report, reinstating the tracking of unique phishing campaign reports in addition to unique websites. Combined with data sets added this year to track crimeware proliferation and propagation, the APWG has assembled the most comprehensive periodical of ecrime activities. APWG Chairman David Jevans said, "APWG and our members are committed to providing the most complete and accurate statistics available to track the state of the phishing, crimeware and online identity theft problems. This report features our most comprehensive statistics to date. We have been investing in increased automation and standardization for our reporting metrics, and this has allowed us to track both unique phishing email campaigns as well as unique phishing websites." The APWG has issued its Phishing Activity Trends report every month since February of 2004, weeks after its founding in late 2003. Since then, the APWG has tracked the explosive growth of conventional social-engineering-based phishing attacks, now flattening, and instituted its PROJECT: Crimeware to track the now-rapidly increasing spread of code deployed by criminal enterprises to automate the theft of personal data and completion of fraudulent transactions. The APWG monthly report today tracks the number of phishing campaigns; the number of servers supporting them; the number of novel crimeware deployments; and the number of new URLs that are exposing consumers to those malevolent programs. The August report shows indications that defenses organized by victimized brandholders may be working to the extent that phishers are forced to employ greater resources to mount the same number of attacks. For the second month in a row, the number of phishing reports received of new campaigns declined - while at the same time, the number of new phishing sites reached an all-time high of 5259, a substantial increase over the 4564 reported in July. APWG Secretary General Peter Cassidy said, "You can go back and forth as to what these numbers really mean, but what cuts the data for me is the finding that the average time online for a site has dropped to 5.5 days, a substantial decline for a cohort of this size from a year ago - when it was nearly a week - while the number of commandeered servers detected is still climbing. A number of techniques and routinized cooperation among counter-phishing stakeholders has allowed victimized brandholders to take down counterfeit sites faster and, in many instances, uproot them before the campaigns are even launched. That all means more work and expense for the phishers and a lower overall time online." The APWG also announced this month that MarkMonitor had joined the APWG's Global Research Partners Websense and Panda Software who organize the development of the monthly report. MarkMonitor analysts examine reports that arrive from the field and cull the erroneously reported or uncomfirmable sites from the sample site of counterfeit phishing sites, leaving a precipitate of high quality phishing attack data for APWG members' forensic applications. "MarkMonitor is pleased to support the APWG in continuing its heritage of being the definitive source of online fraud information and statistics," said David Silver, MarkMonitor Vice President, Business Development. "MarkMonitor provides uninterrupted, 7x24x365, identity-based fraud detection and response services for APWG and its members. We're excited to take a leadership role in providing both confirmation services of phishing attacks and introducing new metrics as part of APWG's ongoing reporting activities." The full text of the report is online at: www.antiphishing.org/apwg_phishing_activity_report_august_05.pdf Members of the press can contact: APWG Chairman David Jevans at dave.jevans@antiphishing.org or 650 996 2142 APWG Secretary General Peter Cassidy at 617 669 1123 Websense Manager of Public Relations Ronnie Manning at 858 320 9274 or rmanning@websense.com MarkMonitor VP Marketing Liz Greer at 415 278 8420 or liz.greer@markmonitor.com About The Anti-Phishing Working Group The Anti-Phishing Working Group (APWG) was formed in 2003 to fight identity theft and email spoofing on the Internet. The group is one of the security industry's pre-eminent consortia, with around 2,000 members from more than 1300 financial services firms, ISPs, security vendors, law enforcement agencies A law enforcement agency (LEA) is a term used to describe any agency which enforces the law. This may be a local or state police, federal agencies such as the Federal Bureau of Investigation (FBI) or the Drug Enforcement Administration (DEA). , law courts, regulatory agencies and consumer groups from around the world. The APWG website is www.antiphishing.org. APWG's corporate sponsors include: Able NV, ActivCard (ACTI ACTI Advanced Cleanup Technologies, Inc (Rancho Dominguez, CA) ACTI Advanced Computational Technology Initiative ACTI Advisory Committee on Technology Innovation ACTI Aircrew Coordination Training Instructor ), Adobe (ADBE ADBE Adobe Systems, Inc. (stock symbol) ), Aladdin Knowledge Systems Aladdin Knowledge Systems NASDAQ: ALDN is a company that provides solutions for software digital rights management and Internet security since 1985. Its corporate headquarters are located in Tel Aviv, Israel. (ALDN), Anakam, Anonymizer, Brandimensions, Clear Search, Cloudmark, Comodo, Corillian (CORI), Cydelity, Cyota, Cyveillance, Datanautics, DigitalResolve, eBay/PayPal, Earthlink (ELNK ELNK EarthLink, Inc. (stock symbol) ELNK Ethernet Link ), Entrust (ENTU), Experian, eEye Digital Security eEye Digital Security is a company that specialises in analysis and prevention of security vulnerabilities in software. Founded by Firas Bushnaq and Marc Maiffret in 1997, the company has been credited by Microsoft with bringing a number of security vulnerabilities to their , GeoTrust, GoDaddy, Iovation, Iconix, InternetIndentity, Internet Security Systems, Kaspersky Labs, MailFrontier, MarkMonitor, McAfee (MFE), MasterCard, MessageLevel, Microsoft (MSFT MSFT Microsoft (stock symbol) MSFT Movimento Sociale Fiamma Tricolore (Italy) MSFT Multi-Stage Fitness Test MSFT Master of Science in Family Therapy MSFT Macalester Students for Fair Trade ), NameProtect, Netcraft, NetIQ (NTIQ), Panda Software, PassMark Security, Quova, RSA Security (RSAS RSAS RSA Security, Inc. (stock abbreviation, AMEX) RSAS Royal Swedish Academy of Sciences RSAS RAND Strategy Assessment System RSAS Reactor Safety Assessment System ), SAIC SAIC - http://saic.com. , SecureBrain, Sigaba, SOPHOS, SquareTrade, Symantec (SYMC SYMC Symantec Corporation (stock symbol) ), The 41st Parameter, Trend Micro (TMIC TMIC Trend Micro Inc. (stock symbol) TMIC Top Mount Intercooler (automotive turbo systems) TMIC Traffic Management and Information Centre TMIC Training Management Information Center ), TriCipher, Tumbleweed Communications (TMWD), Vasco (VDSI VDSI Vasco Data Security International, Inc. (Brussels, Belgium) VDSI Verband Deutscher Sicherheitsingenieure (German) ), VeriSign (VRSN), Visa, Websense, Inc. (WBSN) and WholeSecurity. |
|
||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion