APWG’s Global Phishing Report Indicates Surge in Phishing Attacks

According to the Global Phishing Report by APWG, there were around 67,677 phishing attacks worldwide during the second half of last year.
April 27, 2011 - PRLog -- Phishing has been one of the common techniques used by cybercriminals to defraud Internet users. However, the attacks have become more sophisticated over the last few years. Information that could be used to launch targeted attacks is much more easily available. The latest Global Phishing Report by the Anti-Phishing Working Group (APWG) indicates a significant rise in the average (73 hours) and median (over 15 hours) uptimes of all phishing attacks during the second half of last year. There were around 67,677 phishing attacks worldwide during the second half of last year. Attackers are frequently targeting Chinese e-commerce sites and banking institutions. Taobao, a Chinese online shopping and auction site, was the major target of attacks.

The majority of malicious domain registrations are concentrated in the .COM, .TK, and .NET top-level domains. The .TK domain is associated with the tiny Pacific atoll of Tokelau, a New Zealand territory, and has become the third largest country code top-level domain after .de and .uk, which are associated with Germany and the United Kingdom. However, the free domain has been misused by cybercriminals for phishing activities. Cybercriminals made use of 2,429 unique .tk domain names to target 54 different targets worldwide, and over 80% of those domains were used to phish Chinese organizations.

Phishers detect security flaws in websites and IT infrastructure, identify negligent user practices, gather e-mail lists, register counterfeit domain names, build websites identical to legitimate sites, identify phishing tools and send well-crafted mails to a large number of users.

Organizations must take proactive measures to streamline IT security. Professionals qualified in masters of security science could help organizations strengthen their defenses against security threats. Regulatory authorities must set up restrictions on domain name registration and prevent exploitation of sub-domain registration services.

Counter crime agencies must identify and close phishing sites, and initiate steps to enhance user awareness through online degree programs, e-tutorials and security alerts. Internet users must avoid responding to e-mails that request personal and financial information. They must verify the authenticity of the URL through Internet search engines. They must be cautious in providing e-mail addresses on websites to avoid spam e-mails. Users can verify the authenticity of a banking site by clicking on the padlock. Valid padlocks display the security certificate on a single or double-click, whereas fake padlocks may not display any information.

Organizations may collaborate with educational institutions and encourage employees to undertake online university degree courses on cyber security to foster a security-conscious culture.

Contact Press

Email:  iclass@eccouncil.org
Tel:  505-341-3228

EC-Council University is based in Albuquerque, New Mexico and offers a Master of Security Science (MSS) degree to students from various backgrounds such as graduates, IT professionals, and military students, amongst several others. The MSS is offered as a 100% online degree program and allows EC-Council University to reach students not only from the United States, but from all around the world.

EC-Council is a member-based organization that certifies individuals in cybersecurity and e-commerce skills. It is the owner and developer of 16 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and EC-Council Certified Security Analyst (ECSA)/License Penetration Tester (LPT). Its certificate programs are offered in over 60 countries around the world.

EC-Council has trained over 80,000 individuals and certified more than 30,000 members, through more than 450 training partners globally. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. federal government via the Montgomery GI Bill, Department of Defense via DoD 8570.01-M, National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates the global series of Hacker Halted security conferences. http://www.eccouncil.org

# # #

iClass is EC-Council's online training delivery platform. Students can attend live or recorded training sessions for courses such as Certified Ethical Hacker (CEH), Certified Security Analyst (ECSA) or Computer Hacking Forensic Investigator (CHFI).