Phishing occurs when a fraudster sends an e-mail that contains a
link to a fraudulent web site where users are asked to provide
personal account information. The e-mail and web site are usually
disguised to appear to recipients as though they are from a trusted
service provider, financial institution or on-line merchant.
Thousands upon thousands of messages are sent out relating to
each phony web site – called a "baiting" site by the APWG. According
to the industry group's latest Phishing Activity Trends Report,
there were 6,597 new unique e-mail attacks in October alone and
1,142 unique baiting sites reported.
Most of these related to a small number of brand names – 44 in
October, with 80% of the attacks relating to only six brands (which
have not been named). The report identified financial services as
the sector with the most unique baiting sites (73%) while ISPs were
in second place at 14%.
The number of phishing sites increased massively from 5th
October, according to the report, which suggests this could be down
to the availability of toolkits (see The Register's coverage of
DIY phishing kits) or to automation.
The report also notes that the number of phishing sites being
hosted on compromised PCs with broadband connections has risen to
over 50%. These are often known as zombie PCs or bot networks.
Poorly protected PCs are vulnerable to such exploitation by
hackers.