Auto toolkit phishing attacks continue to rise

Peter Dinham
Monday, 10 August 2009 14:31

Business IT - Technology

Phishers today use IP addresses as part of the hostname instead of a domain name, according to Symantec, and the company says this is a tactic used to hide the actual fake domain name that otherwise can be easily noticed.
 
A total of 1,067 phishing sites were hosted in 61 countries, Symantec says, adding that this amounted to a decrease of approximately 29 percent of IP attacks in comparison to the previous month.

Symantec also found that in July, the Greater China region accounted for approximately nine percent of IP attacks in the month, with the total number of IP attacks originating from the region reduced by 10 percent compared to June.

According to Symantec, it also recently observed an increase in phishing attacks abusing legitimate SSL certificates.

In the attacks, Symantec says that fraudsters have targeted the users of major brands by compromising Web servers with SSL certificates so that the fraudulent Web pages can display the familiar padlock icon, while offering a false sense of security to the victims.

“In this particular attack, the certificates were legitimate because they matched the compromised legitimate domain. The fake pages that were spoofing the target brands in actuality had no connection with the displayed domain or the certificate. A single compromised Web server with an SSL certificate can be used to host a broad range of phishing sites, and, can have a higher success rate to trick users gain trust in the fake site.”