Phishing attacks decrease, but respite may be short-lived

Peter Dinham
Sunday, 11 October 2009 05:39

Business IT - Security

Symantec said the fraudsters reported the issue as “unreported/underreported income” to instil a “sense of panic amongst the taxpayers”. It says the link directed the potential victim to a phishing Web page that requested to download and execute the tax statement file - “tax-statement.exe”, which in fact was a password stealing Trojan, and that the URLs in the phishing attack comprised of several recently created randomized domain names.

In its October report, Symantec also looked at the use of IPs in phishing attacks, and says that phishers today use IP addresses as part of the hostname instead of a domain name.
 
“This is a tactic employed to hide the actual fake domain name that otherwise can easily be noticed. As many banks use IP addresses in their website URLs, this establishes a precedent that spammers can follow as it raises less suspicion,” Symantec said.

According to Symantec, a total of 944 phishing sites were hosted in 60 countries in September, amounting to a decrease of approximately 15 percent of IP attacks in comparison to August.

Symantec reports that the United States continued to be the top ranked country hosting phishing sites, and that, although the proportion of IP attacks showed some increase for most of the regions, the numbers of IP attacks, with the exception of the Greater China region, have actually decreased. It said that the Greater China region accounted for approximately 18 percent of IP attacks in September, and the total number of IP attacks originating from the region, increased by 11 percent over August.