
FAQ: Phishing tactics and how attackers get away with it

Latest Anti-Phishing Working Group report shows rise of attacks on virtual-server farms at hosting facilities

By , Network World
April 29, 2013 01:56 PM ET

Network World - Phishing attacks on enterprises can be calamitous in terms of compromised networks or damaged brand names, and the Anti-Phishing Working Group (APWG), which aggregates and analyzes phishing trends data worldwide, offers some of the best insight from industry into what's occurring globally in terms of this cybercrime. The following list of frequently asked questions about phishing is derived from the APWG's April report that covers the period July-December 2012 worldwide.

Q: How many phishing attacks occurred in the second half of last year?

A: There were at least 123,486 unique phishing attacks worldwide. This is more than the 93,462 attacks that APWG observed in the first half of 2012. This is due to an increase in phishing attacks that leveraged shared virtual servers to compromise multiple domains at once.

Q: How many unique domain names were involved in the phishing attacks?

A: Due to the shared virtual server hacking, the attacks used 89,748 unique domain names -- up from the 64,204 domains used in the first half of 2012. In addition, 2,489 attacks were detected on 1,841 unique IP addresses, rather than on domain names, a trend that has remained steady for three years. None of these phishing attacks were reported on IPv6 addresses, though.

Q: How many of these domain names were maliciously registered by phishing attackers versus the number of domains that represent hacked or compromised ones on vulnerable Web hosting?

A: Of the 89,748 unique domain names, the APWG identified 5,835 that it believes were registered maliciously by phishers. This number is down significantly from the 7,712 identified in the first half of 2012, continuing a downward trend since the first half of 2011, when the count of maliciously registered domain names stood at 14,650. The other 83,913 domains were almost all hacked or compromised on vulnerable Web hosting. The overall use of subdomain services for phishing fell from 14% to 8% of all attacks. Phishers continue to use "URL shortening" services to obfuscate phishing URLs, but such use involved only 785 attacks in the second half of 2012. Over 65% of malicious shortened URLs used for phishing were found at a single provider,

Q: What top-level domains (TLDs) are the most popular for registration by phishers?

A: 82% of the malicious domain registrations were in just three TLDs: .COM, .TK (Thailand) and .INFO. PayPal is the most targeted brand, with 39% of all phishing attacks aimed at PayPal users. .COM contained 48% of the phishing domains in the APWG's data set, and 42% of the domains in the world. Thailand's .TH domain, which accounts for just over half of the world's malicious registrations made in the .TK registry, continues its high ranking as it has for several years, and it suffers from compromised government and university web servers, according to the APWG.

Q: What were the top registrars worldwide used by phishers to purchase domain names?

A: 21 registrars, several of them in China, accounted for 79% of the domains registered maliciously (a total of 2,991). These were Shanghai Yovole Networks; Chengdu West Dimension Digital Technology; Hang Zhou E-Business Services; Jiangsu Bangning Science;; Beijing Innovative; 1API;; Directi/PDR; Hichina Zhicheng; Melbourne IT; Xin Net Technology Corp;;; Fast Domain; eNom Inc.; OVH; GoDaddy; Tucows; 1 and 1 Internet AG.
