Anti-Phishing Working Group Announces Phishing Attack Sites Increased by 29% In November; Report Shows Smart Malcode Is Augmenting Social Engineering Phishing Attacks.MENLO PARK, Calif. & CAMBRIDGE, Mass. -- The Anti-Phishing Working Group The AntiPhishing Working Group (APWG) is a consortium that brings together businesses affected by phishing attacks, businesses that provide security products and law enforcement. The APWG has more than 2700+ members from more than 1600 companies & agencies worldwide. (APWG APWG Anti-Phishing Working Group APWG Action Plan Work Group APWG Acquisition Policy Working Group APWG Advocates for Prostituted Women and Girls APWG AFSCN Prioritization Working Group APWG AFSCN Priorities Working Group ) today reported a 29% increase in phishing attack sites reported in November 2004 compared to the previous month. The report also highlights increasing incidents of phishing attacks using malicious code to steal consumers' online banking and credit card credentials, indicating a shift from attacks based purely on social engineering to those based on technical subterfuge. The APWG report says social engineering emails lure users to run programs and visit websites hosting malicious code. "Although the characteristics of the sites containing malicious code are not all the same, most of them wait for end-users to access known financial and e-commerce sites and then either replace the site with their own hosted version or capture the keystrokes of the end-user. Keyloggers also have been part of many blended attacks and have spread through many recent highly publicized worms," analyst Dan Hubbard of Websense wrote. The news is disquieting, given advances on other fronts being achieved by organized crime operatives running phishing scams. "We've already seen indications that phishers are already commanding automated distribution systems, apparently leveraging BOTnets, known as zombies. Those resources, combined with conventional keylogging and other innovative malicious code is a threat scenario that could deliver more penetrating attacks," said David Jevans, Chairman of the AWPG AWPG Aviation Weather Products Generator . The full text of the report is available online at: http://www.antiphishing.org/APWG Phishing Activity Report - November 2004.pdf The Anti-Phishing Working Group The APWG is the global counter-phishing organization of stakeholders confronting the phishing threat, including national law enforcement agencies A law enforcement agency (LEA) is a term used to describe any agency which enforces the law. This may be a local or state police, federal agencies such as the Federal Bureau of Investigation (FBI) or the Drug Enforcement Administration (DEA). , global banks and financial institutions, national ISPs, ISVs and hardware vendors and e-commerce companies. The group, formed in 2003, has more than 1000 members worldwide from some 677 companies, government regulatory agencies and law enforcement bureaus, as well as 70 sponsors including: ActivCard (ACTI ACTI Advanced Cleanup Technologies, Inc (Rancho Dominguez, CA) ACTI Advanced Computational Technology Initiative ACTI Advisory Committee on Technology Innovation ACTI Aircrew Coordination Training Instructor ), Affinity, Anakam, Cloudmark, Cyota, Cyveillance, Datanautics, Entrust (ENTU), Experian, GeoTrust, GoDaddy, MarkMonitor, McAfee (MFE), MessageLevel, Microsoft (MSFT MSFT Microsoft (stock symbol) MSFT Movimento Sociale Fiamma Tricolore (Italy) MSFT Multi-Stage Fitness Test MSFT Master of Science in Family Therapy MSFT Macalester Students for Fair Trade ), NameProtect, NetIQ (NTIQ), PassMark, SAIC SAIC - http://saic.com. , RSA Security (RSAS RSAS RSA Security, Inc. (stock abbreviation, AMEX) RSAS Royal Swedish Academy of Sciences RSAS RAND Strategy Assessment System RSAS Reactor Safety Assessment System ), Symantec (SYMC), Trend Micro (TMIC), Tumbleweed Communications (TMWD), Vasco (VDSI), VeriSign (VRSN), Visa, Visa Canada, Websense, Inc. (WBSN), WholeSecurity, 0Spam.net. |
|
||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion