The number of conventional phishing attacks dipped slightly last month but the amount of crimeware designed to steal personal data increased, according to the Anti-Phishing Working Group (APWG).
There were 14,135 phishing attacks reported to APWG in July, down from 14,135 in June. The number of phished brands also dipped to 71 last month, from 74 in July, as attackers shifted from targeting large companies to smaller financial institutions, APWG researchers reported.
The number of malicious keylogging applications designed to steal passwords grew to 174 in July, up from 154 in June while the number of password-stealing URLs grew to 918 from 526.
APWG researchers reported a new technique being used more frequently in late July, called “screen scraper.” This technique involves a Trojan Horse that is designed to capture screenshots of a system.
The new technique aims to get around a new authentication method banks have deployed due to the increase in keyloggers. Via a popup window, banks ask users to click on a numeric keypad in order to logon.
The malware will “scrape” the screen based on the mouse clicks and upload that data to a website in order to compromise the credentials, according to APWG.
Researchers also saw an increase in the number of Trojan Horses designed to modify a system in order to redirect a user to a fraudulent site when he or she types in a legitimate URL.