This study is a comprehensive analysis of the phishing that took place in the first half of 2008 (1H2008).

Highlights include:

• attack and uptime statistics for all top-level domains
• examinations of how phishers target specific registrars and top-level domains, and change their preferences over time
• use of subdomains for phishing
• other trends pointing to anti-abuse strategies

OVERVIEW
Phishers are constantly experimenting and adapting. In order to combat them effectively, it is important to understand how they are using domain names and why. Domain name usage is an important measure of the scope of the global phishing problem, and examination of domain name trends can provide new anti-abuse strategies.

This study describes our analysis of a comprehensive database of phishing that took place in the first half of 2008 (1H2008), and is a follow-up to our 2007 study.1 Specifically, the data in this new report includes all the phishing attacks detected between January 1, 2008 and June 30, 2008, as collected by the APWG and supplemented with additional reports from several phishing feeds and private sources. The APWG phishing repository is the Internet’s most comprehensive archive of e-mail fraud and phishing activity.

New to this 1H2008 report are attack statistics, and measurements of phishing site up-times. Our data reveals some new trends, and we hope that bringing these tactics to light will lead to improved anti-phishing measures.

Our major findings are:

1. Phishers continue to target specific Top-Level Domains (TLDs) and specific domain name registrars, and shift their preferences over time. Metrics that measure the pervasiveness of phishing in TLDs provide a valuable way to identify exploitation by phishers who register domain names.
2. Anti-phishing programs implemented by domain name registries can have a noticeable effect on the up-times (durations) of phishing attacks. We see some direct correlation between the efforts of several large gTLD and ccTLD operators and the amount of time that phishing sites remained live within their TLDs.
3. Phishers are engaged in the large-scale use of subdomain services to host and manage their phishing sites. Such attacks even account for the majority of attacks in certain large TLDs.

Download Global Phishing Survey: Domain Name Use and Trends in 1H2008

PDF format, 575KB, 23Pages.

Authors: Rod Rasmussen, Greg Aaron
An APWG Industry Advisory

TABLE OF CONTENTS
OVERVIEW.................................3
BASIC STATISTICS...........................3
PREVALENCE OF PHISHING BY TOP-LEVEL DOMAIN (TLD)......5
PHISHING BY UPTIME.................9
USE OF SUBDOMAINS FOR PHISHING...............13
CONCLUSIONS....................15
APPENDIX A: PHISHING SCORES AND UP-TIMES.............17
ABOUT THE AUTHORS..............................23

Visit The Anti-Phishing Working Group (APWG) Website

Anti-Phishing Working Group
The Anti-Phishing Working Group (APWG) is the global pan-industrial and law enforcement association focused on eliminating the fraud and identity theft that result from phishing, pharming and email spoofing of all types.

PWG Members
- 3000+ members
- 1700+ companies & agencies worldwide
- 9 of the top 10 US banks
- The top 5 US ISPs
- Hundreds of technology vendors
- National & provincial law enforcement worldwide

APWG Working Groups
- Best Practices
- Education
- Policy Forum
- Future Threat Models & Forensics
- Phishing Data Repository
- Sizing the Problem
- Solution Evaluation & Deployment Education
- Working with Law Enforcement and Legislatures

Comments (0)

Name

Email

Comment

smaller | bigger

Add Comment