 |
|
|
|
|
|
|
Crimeware-Spreading Sites Increase Rapidly in Q2/2008
|
Note: Click graph to download full report
- Number of crimeware-spreading URLs detected rose to a record
9,529 in June, an increase of nearly 47 percent from the previous record of 6,500 in March.
The number at quarter’s end is 258 percent higher than the endof Q2 2007.
- May presented a record high of 294 hijacked brands and the quarter's 485 victimized brands is also a record high.
- The number of malicious application variants hit a record high of 442 in May.
- The number of crimeware-spreading URLs exploded to a record high of 9529 at quarter's end, 258 percent higher than at the end of Q2 2007. |
|
|
Check out the advice we've compiled for consumers on phishing. Visit the Resources pages for more information:
|
16 Nov 08: APWG releases Advisary on Subdomain Registries
This advisory, "Making Waves in the Phisher’ Safest Harbors: Exposing the Dark Side of Subdomain Registries", discusses how phishers now use what we call subdomain registries to provide safe harbors for malicious and criminal activities. The advisory also discusses measures individuals and organizations can consider if they opt to make these harbors less attractive and effective to phishers.
3 Nov 08: APWG releases Global Phishing Survey: Domain Name Use and Trends in 1H2008
This study describes our analysis of a comprehensive database of phishing that took place in the first half of 2008 (1H2008), and is a follow-up to our 2007 study. Specifically, the data in this new report includes all the phishing attacks detected between January 1, 2008 and June 30, 2008, as collected by the APWG and supplemented with additional reports from several phishing feeds and private sources. The APWG phishing repository is the Internet’s most comprehensive archive of e-mail fraud and phishing activity.
2-7 Nov 08: APWG Industry Liaison Rod Rasmussen briefs ICANN constituency meetings on latest phishing threats - New Delhi, India
APWG Industry Liaison Rod Rasmussen presents updates on latest phishing threats and APWG DNSPWG initiatives to ICANN constituency groups including gTLD Registries, Business, ISP, and IP. Also provides closed-door briefing to Security and Stability Advisory Committee (SSAC) on sensitive threats to DNS infrastructure, and provides in-depth briefing on Fast-Flux Phishing as part of the open SSAC meeting.
27 Oct 08: Anti-Phishing Best Practices Recommendations for Registrars
The purpose of this document is to provide a set of recommendations to the domain registrar community that can substantially reduce the risk and impact of phishing on consumers and business worldwide. The recommendations focus on 3 areas where registrars can be of assistance: Evidence Preservation for Investigative Purposes, Proactive Fraud Screening and Phishing Domain Takedown.
8 Oct 08: FTC Warnes Consumers to Avoid Fake E-mails Tied to Bank Mergers
Consumers are warned not to take the bait. The FTC has advice about how to stay on guard against this type of scam. To learn more, see the consumer alert “Bank Failures, Mergers and Takeovers: A ‘Phish-erman’s Special,’” at http://www.ftc.gov/bcp/edu/pubs/consumer/alerts/alt089.shtm.
12 Sept 08: APWG to Briefs APACS Payments Council in London, UK
APWG Chairman Dave Jevans will address the fourth annual ID Threats Seminar organised by the APACS Security Unit. The objective of this year’s event is to allow business owners, security professionals, government and law enforcement to share experiences and best practice, and to explore new opportunities for improvement.
29 Aug 08: APWG Releases First Quarter 2008 Phishing Trends Report
The APWG's combined report, covering phishing activity during the first quarter of 2008 is available here: APWG Phishing Trends Activity Report for Q1 2008.
19 Aug 08: APWG and IEEE Partner for Electronic Crime Research Conference
The APWG, a global, independent coalition combating electronic crime, and IEEE announced today that they will join forces for the development of the APWG e-Crime Researchers Summit (eCRS), the world’s only peer-reviewed technical conference dedicated exclusively to electronic crime research.
Press Release avaialable here.
21-22 Jul 08: APWG to Briefs Identity Protection Forum Hosted by the Internal Revenue Service in Washington, D.C.
Dr. Laura Mather, APWG Managing Director of Operational Policy, will address the Identity Protection Forum in Washington, D.C. hosted by the IRS. The purpose of the Forum is to unite key executives and experts in the fields of privacy and identity theft from both public and private sectors, in the domestic and international arenas, to share common experiences and successes in the protection of identity information and gain insights into trends and future developments in this area of growing interest.
16 Jul 08: FTC Issues Staff Report on Roundtable Discussion About Phishing
The Federal Trade Commission today released a staff report on a Roundtable Discussion on Phishing Education that it hosted in April. Approximately 60 experts from business, government, the technology sector, the consumer advocacy community, and academia met at the FTC to discuss strategies for outreach to consumers about avoiding phishing. The FTC’s report summarizes key themes that emerged from the Roundtable Discussion and outlines next steps for increasing anti-phishing education. The report also includes a description of workshop participants’ efforts to fight phishing attacks and educate consumers, as well as ideas for increasing effective consumer education. To read the report go to http://www.ftc.gov/reports/index.shtm.
23 Jun 08: APWG Industry Liaison Rod Rasmussen collaborates on anti-crime issues with broad set of Internet constituencies at 32nd ICANN Meeting - Paris France
This week, Industry Liaison Rod Rasmussen briefed several ICANN constituencies on the latest phishing and e-crime trends at the most widely attended ICANN meeting to date. The APWG continues its close work with the SSAC (Stability and Security Advisory Committee) and held briefings on the latest phishing trends with the Registry Constituency, Business Constituency, and a special Law Enforcement session. Several private briefings with ICANN staff were also held to continue the close working relationship between the organizations. The APWG also presented its recently released version of the "Registrar Best Practices for Anti-Phishing" document to the Registrars' Constituency. Further, the APWG is actively participating in the Policy Development Process on Fast-Flux DNS for the GNSO (Global Name Supporting Organization) which kicked-off at this meeting.
28 May 08: SSAC post an Advisory on Registrar Impersonation Phishing Attacks
The ICANN Security and Stability Advisory Committee describes a form of phishing attack that targets domain name
registrants. In this Advisory, SSAC describes generic forms of this type of attack. We
consider types and formats of information included in legitimate email
messages that various registrars use when corresponding with customers. We
discuss how phishers manipulate these information types and formats to
create a bogus correspondence that is designed to socially engineer the
registrar¹s customer into visiting an impersonated registrar web site. The
attacker designs the impersonated web site to dupe the customer into
disclosing domain management account names and credentials. We discuss some
of the current recommended practices to minimize or prevent phishing attacks
employed by common phishing targets such as financial institutions and large
corporations. We recommend measures that registrars can take to make their
correspondences with registrants less "phishable² and identify ways for
registrants to detect and avoid falling victim to this form of phishing.
21 - 22 May 08: APWG Deputy Secretary-General Foy Shiver addresses World Cyber Security Summit 2008 - Kuala Lumpur, Malaysia
Mr. Shiver keynotes the 2008 World Cyber Security Summit (WCSS) to be held in conjunction with 16th World Congress on Information Technology 2008 in Kuala Lumpur, Malaysia. The theme of the workshop is “E-Commerce and Cybercrime” and will address issues that are affecting and challenging the sustainability of critical information infrastructures and organisations.
18-22 May 08: APWG presents to Annual AusCERT Asia Pacific Information Security Conferenc Meeting - Gold Coast, Australia
APWG Industry Liaison Rod Rasmussen presents at the annual AusCERT Asia Pacific Information Security Conference meeting on the status of
the APWG's counter e-crime efforts and programs, including the Internet Policy Committee's ongoing initiatives.
23-25 Apr 08: APWG Internet Policy Committee (IPC) members present to 17th Annual WWW conference - Beijing, China
APWG IPC Committee member Greg Aaron leads a panel discussion that includes several APWG members on "Protecting the Web: Phishing, Malware
, and Other Security Threats" at the WWW2008 conference.
15 Apr 08: APWG Secretary General Peter Cassidy keynotes the SoftForum's CODEGATE Hacking & Security Conference - Seoul, Korea
Mr. Cassidy keynotes the CODEGATE conference, presenting his talk, "Mapping the Frontiers of the Electronic Crime Threat From Consumers? Desktop to National Equities Markets."
1 April 2008: APWG to Briefs the Federal Trade Commission
Dr. Laura Mather, APWG Managing Director of Operational Policy, will brief the Federal Trade Commission (FTC) on educational initiatives
within the APWG.
1 Apr 08: APWG Secretary General Peter Cassidy addresses the Council of Europe - Strasbourg, France
Mr. Cassidy speaks at the OCTOPUS Interface Conference on Cooperation Against Cybercrime. The 2008 Conference will focus on the cooperation between service providers and law enforcement, the state of cybercrime legislation and the effectiveness of international cooperation. Mr. Cassidy joins the panel, Cybercrime threats and trends to review contemporary trends in the technologies and techniques by cybercrime organizations.
17 March 2008: APWG Rereleases Memorandum on Phish Site Shut Downs and Whois Data
The APWG Internet Policy Committee has update the Whois Use Case document, originally created in July, 2007, to include use cases associated with IP Whois data. Since IP Whois data is equally useful in investigating and terminating phishing sites, the APWG-IPC determined that it would be beneficial to include information about the use of IP Whois in the phish site shut down process. The document also includes information on the timeframes of phish site shut down as well as an explanation of the organizations who drive phish site shut down.
10 - 12 Mar 08: APWG addresses APCERT Annual General Meeting -
Hong Kong
Deputy Secretary-General Foy Shiver addresses the Asia Pacific CERT community with a briefing on the status of counter e-crime
efforts and programs designed to battle both crime and fraud on the internet.
22 Feb 08: APWG Secretary General Peter Cassidy joins the advisory board of Cybersafe Initiative - Eugene, Oregon.
Secretary General Cassidy meets with the CSI advisory board to help map direction for this US Department of Justice project, organizing
a public awareness project to promote online security and consumer computer user safety.
30 Jan 08: APWG Secretary General Peter Cassidy addresses the Ministry of Economy, Trade and Industry (METI) - Tokyo, Japan
Secretary General Cassidy addresses the METI and co-host Council of AntiPhishing Japan, opening their 'Information Security Day' conference on“Trends in ID Theft / Phishing, Fraud and Countermeasures Against Them”.
|
|
|
|
|
|
|
Anti-Phishing Working Group
The Anti-Phishing Working Group (APWG) is the global pan-industrial and law enforcement association focused on eliminating the fraud and
identity theft that result from phishing,pharming and email spoofing of all types.
|
|
|
|
|
|
|
click here for a full listing
|
|
| |
| |
| |
|
