The United States continued to host the majority of phishing websites in the first quarter of 2014, but did not even crack the top 36 when it came to global computer infection rates, according to research from the Anti-Phishing Working Group (APWG).
The number of overall phishing sites observed in the first quarter of 2014 was 125,215, marking a more than 10 percent increase over the final quarter of 2013, during which 111,773 phishing sites were observed, according to the APWG Phishing Activity Trends Report for the first quarter of 2014.
The U.S. hosted more than 40 percent of those sites in each of the first three months of the year, according to the report. The U.S. hosted more than 56 percent of phishing websites in January, but that number dropped a bit following an uptick of sites hosted in Turkey in February and March.
“The U.S. hosts the most phishing sites because a large percentage of the world's websites and domain names are hosted in the United States,” Greg Aaron, president of Illumintel and senior research fellow with APWG, told SCMagazine.com in a Wednesday email correspondence.
John Lacour, founder of PhishLabs, told SCMagazine.com in a Wednesday email correspondence that about 80 percent of phishing sites are hosted on compromised websites, according to PhishLabs data. Lacour said that trend will not change until website security is significantly improved.
The number of brands and legitimate entities targeted in phishing attacks also went up in the first quarter of 2014, jumping to 557 from 525 in the previous quarter, according to the report.
“Criminals [are] attacking new brands,” Aaron said. “Almost any enterprise that takes in personal data via the web is a potential target. While phishing has traditionally targeted banks and money transfer services such as PayPal, we're seeing a wider range of targets getting spoofed, such as Airbnb and grocery store chains.”