The Anti-Phishing Working Group (“APWG”) is worldwide watchdog organization composed of more than 1,800 companies, government agencies and solutions providers. APWG is committed to wiping out internet scams and fraud.
The APWG just released their First Half 2010 Report. You can get the full report here: http://www.antiphishing.org/reports/APWG_GlobalPhishingSurvey_1H2010.pdf
The report discusses the disturbing trend we reported in our October 22, 2010 IRS Warning posting. This is the trend of using fraudulent emails to trick people into infecting their own machines with malware. The APWG explains that unlike the bad old days, where the criminals took victims to fake websites to steal log-on credentials, this new class of malware allows the criminals to hi-jack the victim’s computer – the “criminals can even log into the victim’s machine to perform online banking transactions using the victim’s own account details, which is difficult for banks to detect as fraud… It is simply more profitable to control someone’s computer remotely and make large amounts of money than to simply steal victims’ online banking credentials.” This malware is so effective in stealing money that the APWG has coined a new term for it — crimeware – “malware designed specifically to automate identity theft and facilitate unauthorized transactions.”
Other disturbing trends reported included longer uptimes for criminal websites and the use of short URLs to evade spam filters and spoof URLs that are commonly shared using social networks. This chart from the APWG shows the rapid growth of the URL Shortener scheme:
This report concludes that phishing may not be growing in overall numbers (attacks, etc.), but the shift to crimeware makes the impact larger than ever, so users must take advantage of every defense available. eMail ID from Iconix is part of that defense by identifying real email from thousands of senders.