A new survey from the Anti-Phishing Working Group (APWG) has shown that up to 81% of the domain names used for phishing are legitimate domains that have been “compromised” or hacked.

Over 56, 959 phishing attacks have been observed, which occurred on 30, 454 unique domain names. Of these domains, only 5,591 domain names (18.5%) were registered by phishers. Almost all the rest (81%) were hacked domains belonging to innocent site owners, and less than 1% of the domains used by phishers were domains operated by subdomain resellers and sites that offer Web site hosting.

APWG says that phishing most often takes place on compromised Web servers, where the phishers place their phishing pages unbeknownst to the site operators. This method not only gains the phishers free hosting, but it also complicates take-down efforts because suspending a domain name or hosting account also disables the resolution of the legitimate user's site.

A vital measure of how damaging phishing attacks are, is the uptime. The longer a phishing attack remains active, the more money the victims and target institutions lose, and the more money the phisher makes. It is estimated that at least US$300 is lost for every hour that a phishing site remains up.

APWG has calculated that for all 56,959 attacks under observation, the average uptime is 52 hours, with a median of 14 hours, 43 minutes.

Survey’s major findings include:

1. Phishers are increasingly using subdomain services to host and manage their phishing sites.

2. Phishers continue to target specific Top-Level Domains (TLDs) and specific domain name registrars.

3. The amount of Internet names and numbers used for phishing has remained fairly steady over the past two years.

4. Anti-phishing programs implemented by domain name registries can have a remarkable effect on the up-times of phishing attacks.

5. There are decreases in phishing on IP addresses and the use of brand names in domain names to fool users. Phishers are not using IDNs (Internationalized Domain Names).”

You can find the full survey here (PDF).

Hosting Bookmarks

Copyright © 2024 DevStart, Inc. Permission is required to use the material on this page.