Reports of phishing attacks up again in December

Reports of online identity theft scams known as “phishing” attacks were up again in December, when more than 1,700 active phishing Web sites were reported, a 10 percent jump from the previous month, according to data released Thursday by the Anti-Phishing Working Group (APWG).

While the holiday season slowed phishing reports and activity, the scourge showed no sign of abating in December, with a steady increase in both the number of phishing Web sites and e-mail messages, and evidence of more sophisticated techniques to hijack personal data, according to an APWG report.

Phishing scams are online crimes that use spam e-mail to direct Internet users to Web sites designed to look like legitimate e-commerce sites, but that are controlled by thieves. Users are asked to provide sensitive information such as a password, bank account or credit card number, often under the guise of updating account information.

More than 9,000 unique e-mail messages linked to phishing scams were identified by the APWG in December, an increase of 6 percent from the month before, and a 38 percent increase over the number reported in July, APWG said.

Financial services companies were the top target of phishing scams again in December. According to the report, 85 percent of all phishing scams targeted companies in the financial services business. ISPs (Internet service providers) and retail companies were also major targets of the scams, the APWG said.

As in previous months, the U.S. was the world leader in hosting phishing Web sites. More than 32 percent of phishing sites were U.S.- based. China (12 percent) and Korea (11 percent) were also top hosting countries. On average, phishing Web sites stay online for just under six days before being shut down, with the longest up for more than 30 days, the group said.

APWG, which includes representatives from law enforcement and private sector companies, including leading ISPs, banks and technology vendors, again warned the public that phishing scams are growing more sophisticated, and do not simply try to trick users into divulging sensitive information. The latest scams use Web browser vulnerabilities and Trojan horse programs that are downloaded from phishing Web sites to mine vulnerable computers for sensitive data, the APWG said.

In the past year, the number of phishing attacks has exploded, and the online identity theft scams have become a major concern for businesses and law enforcement companies that do business online, prompting a number of proposals and programs to combat the crimes.

In December companies, including Microsoft Corp., America Online Inc., VeriSign Inc. and EarthLink Inc., joined the U.S. Federal Bureau of Investigation, the U.S. Secret Service and the U.S. Postal Inspection Service to form a new group called Digital PhishNet. The group’s goal is to improve communication between government and industry, enabling authorities to crack down more quickly on phishing Web sites.