The number of phishing attacks have soared to a new high in the last year, according to a new report by the Anti-Phishing Working Group (APWG).
The number of email-based attack rose to 16,882, almost doubling the figure from the previous November of 8,975. The number of phishing websites also increased from 1,518 in November 2004 to 4,630 the following year, an increase of more than 300 percent in a year.
The number of brands hijacked by phishers increased by nearly 50 percent over 2005, from 64 to 93 in November, yet still short of the record of 107 set in May.
Phishing emails appear to come from legitimate companies and institutions, such as banks and online retailers, but are in fact from criminals out to deceive internet users into parting with financial information and bank account details.
Experts said the run up to Christmas had prompted criminals to increase their attacks. "The number of recorded unique phishing attacks in November has broken all previous records," said Mark Murtagh, technical director, Websense EMEA.
Murtagh warned there were now 1,044 websites hosting the capability to infect users with a password stealing keylogger. "Therefore, users have a one in four chance of being infected via a phishing attack just by clicking through to the website," he said.
Murtagh said the statistics revealed a continuation in the popularity of running phishing websites through the permanently open port 80. "Businesses must continue to take steps to safeguard against attack through this well known exploit and secure their systems which access the web," said Murtagh.
