More than 150,000 phishing URLs were established during the second quarter of 2009, surpassing previous record highs set during the first quarter of 2007, according to MarkMonitor's Brandjacking Index report for summer 2009, released Monday.
Typically there is a gradual uptick in the number of phishing URLs from month to month, Fred Felman, chief marketing officer at MarkMonitor, told SCMagazineUS.com on Monday. But in this case, there was a huge spike, primarily due to Rock Phish-style attacks that rely on botnets and fast-flux networks to rapidly change DNS records of phishing URLs and avoid shutdown attempts from security vendors or companies whose brands are being spoofed.
“For the first time again [since the first quarter of 2007], instead of seeing incremental organic growth, we are seeing huge spikes in activity due to these Rock Phish attacks,” Felman said.
Attackers most commonly craft phishing sites to look like legitimate payment services organizations, such as PayPal, in attempts to steal user login credentials. Forty-nine percent of all phishing URLs identified during the second quarter of 2009 spoofed payment services brands, according to MarkMonitor's report. Thirty-two percent of all phishing URLs spoofed financial organizations, while nine percent spoofed auction organizations.
In addition, phishing attacks increasingly mimicked the login pages of social networks, Felman said. Phishing sites against social networks increased 168 percent during the second quarter of 2009 compared to the same quarter last year, according to the report.
Just a month ago, two separate reports stated that phishing was declining. According to IBM's mid-year security report, in 2008, phishing attacks were present in 0.5 percent of all spam, but during the first half of 2009, they dropped to 0.1 percent. A separate mid-year threat report, distributed by Kaspersky Lab last month, supported IBM's findings that phishing was in retreat.
But Felman said that MarkMonitor does not believe phishing is down, and that the decline in phishing reported by IBM and Kaspersky could be attributed to targeted attacks that are unaccountably making their way past spam filters.
“Though they [IBM and Kaspersky] show the problem is down, we see the problem as one that still plagues our customers and is growing,” Felman said.