The number of days a phishing site remains online has dropped to an average of 5.5 days, a sign that countermeasures against fraudulent Web sites are being enacted with increased speed, according the
Anti-Phishing Working Group
(APWG), which monitors phishing trends and online crime.
“It’s a complete victory,” said Peter Cassidy, secretary general of APWG. “It means the work by the forensic and counterphishing community is working.”
In its August 2005 phishing report released Thursday, the APWG found that for the second consecutive month, the number of reported new phishing campaigns declined, but the number of new phishing sites reached an all-time high of 5,259. In July, 4,564 sites were reported, the APWG said.
The group’s report, which also tracks the number of servers supporting phishing, novel crimeware deployments and new URLs (uniform resource locators) exposing consumers to malevolent programs, is available at www.antiphishing.org.
As recently as 18 months ago, operators of phishing sites could be pretty confident a site would function for a week or more, collecting information such as user names and passwords to banking sites and other sensitive data. But Cassidy said now when phishing sites are detected, ISPs (Internet service providers) are contacted and the sites are taken down faster.
Also, banks and other organizations are doing pre-emptive analyses of their own Web logs to make sure they are not being copied for a counterfeit site, he said.
“You add all of this up and it’s getting harder to launch an attack,” Cassidy said.
To combat the counterphishing techniques, phishers are now setting up multiple sites so that if one is taken down, another pops up, Cassidy said. Redirect schemes are also used where sites change from minute to minute, he said.
It means it is getting more costly to set up phishing operations. “We see evidence of their lives getting harder and more expensive,” Cassidy said.
But until phishing gets to be more expensive than selling drugs or stolen car parts, the scams are unlikely to decline, Cassidy said.
APWG is in the process of automating how it compiles statistics on phishing, crimeware and online identity theft problems. The group completely relies on human reporting for its data, Cassidy said.
Much of the checking of questionable Web sites by APWG is done by sorting through the submitted data manually, Cassidy said. APWG is changing the system to automatically sort out e-mail that is not classified as phishing, such as so-called “419” pitches, he said. In 419 scams involve lotto schemes, prize claims and other forms of fee solicitation.