Anti-Phishing Working Group Report

 

The Anti-Phishing Working Group (“APWG”) is worldwide watchdog organization composed of more than 1,800 companies, government agencies and solutions providers.  APWG is committed to wiping out internet scams and fraud.

The APWG just released their First Half 2010 Report.  You can get the full report here: http://www.antiphishing.org/reports/APWG_GlobalPhishingSurvey_1H2010.pdf

The report discusses the disturbing trend we reported in our October 22, 2010 IRS Warning posting.  This is the trend of using fraudulent emails to trick people into infecting their own machines with malware.  The APWG explains that unlike the bad old days, where the criminals took victims to fake websites to steal log-on credentials, this new class of malware allows the criminals to hi-jack the victim’s computer – the “criminals can even log into the victim’s machine to perform online banking transactions using the victim’s own account details, which is difficult for banks to detect as fraud… It is simply more profitable to control someone’s computer remotely and make large amounts of money than to simply steal victims’ online banking credentials.”  This malware is so effective in stealing money that the APWG has coined a new term for it — crimeware – “malware designed specifically to automate identity theft and facilitate unauthorized transactions.”

Other disturbing trends reported included longer uptimes for criminal websites and the use of short URLs to evade spam filters and spoof URLs that are commonly shared using social networks.  This chart from the APWG shows the rapid growth of the URL Shortener scheme:

url shortener graph

This report concludes that phishing may not be growing in overall numbers (attacks, etc.), but the shift to crimeware makes the impact larger than ever, so users must take advantage of every defense available.  eMail ID from Iconix is part of that defense by identifying real email from thousands of senders.

Advertisements

2 Responses to Anti-Phishing Working Group Report

  1. […] clever phishing scam.  If you follow the link, your personal information may be compromised or crimeware may be installed on your machine.  Read the FDIC’s Special […]

  2. […] and provide data that can be used for identity theft.  Recently, criminals have resorted to using crimeware that takes remote control of the victim’s computer, thereby facilitating identity […]

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s