A consortium dedicated to fighting phishing has expanded its efforts to take on new types of online identity theft.
The Anti-Phishing Working Group will broaden its focus to include pharming – DNS cache poisoning – and what the group calls “crimeware” – spyware that is used to steal identities.
“The APWG’s belief is that conventional phishing via social engineering schemes will be eclipsed by advanced, automated crimeware based on keyloggers, redirectors and session hijacking technologies,” APWG Chairman Dave Jevans said in a statement.
The number of conventional phishing attacks reported to the group rose from 14,987 in May to 15,050 in June. Meanwhile, the number of unique crimeware dedicated to password stealing doubled from 79 to 154 in the same period.
The group also received reports of 526 password-stealing malicious URLs in June, up from 260 in April and 495 in May.
Pharming involves an attacker changing the DNS records that resolve domain names into IP addresses so that a user is redirected to a spoofed, malicious site.
APWG is a nonprofit organization with more than 1,000 members, including ISPs, financial institutions, security vendors, and law enforcement agencies.
Email security supplier Postini reported that it tracked a record number of phishing emails in July.