Phishing scams harder to pull off, group says

The number of days a phishing site remains online has dropped to an average of 5.5 days, a sign that countermeasures against fraudulent Web sites are being enacted with increased speed, according the Anti-Phishing Working Group (APWG), which monitors phishing trends and online crime.

“It’s a complete victory,” said Peter Cassidy, secretary general of APWG. “It means the work by the forensic and counterphishing community is working.”

In its August 2005 phishing report released Thursday, the APWG found that for the second consecutive month, the number of reported new phishing campaigns declined, but the number of new phishing sites reached an all-time high of 5,259. In July, 4,564 sites were reported, the APWG said.

The group’s report, which also tracks the number of servers supporting phishing, novel crimeware deployments and new URLs (uniform resource locators) exposing consumers to malevolent programs, is available at

As recently as 18 months ago, operators of phishing sites could be pretty confident a site would function for a week or more, collecting information such as user names and passwords to banking sites and other sensitive data. But Cassidy said now when phishing sites are detected, ISPs (Internet service providers) are contacted and the sites are taken down faster.

Also, banks and other organizations are doing pre-emptive analyses of their own Web logs to make sure they are not being copied for a counterfeit site, he said.

“You add all of this up and it’s getting harder to launch an attack,” Cassidy said.

To combat the counterphishing techniques, phishers are now setting up multiple sites so that if one is taken down, another pops up, Cassidy said. Redirect schemes are also used where sites change from minute to minute, he said.

It means it is getting more costly to set up phishing operations. “We see evidence of their lives getting harder and more expensive,” Cassidy said.

But until phishing gets to be more expensive than selling drugs or stolen car parts, the scams are unlikely to decline, Cassidy said.

APWG is in the process of automating how it compiles statistics on phishing, crimeware and online identity theft problems. The group completely relies on human reporting for its data, Cassidy said.

Much of the checking of questionable Web sites by APWG is done by sorting through the submitted data manually, Cassidy said. APWG is changing the system to automatically sort out e-mail that is not classified as phishing, such as so-called “419” pitches, he said.

The 419 scams involve lotto schemes, prize claims and other forms of fee solicitation.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Related Tech News

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Featured Reads