According to Symantec in its latest phishing report, if someone completed the form and clicked on the "print" button, what actually happened was that the confidential information was sent to a server utilising the fraud domain. (iTWire readers were warned of this phishing ploy in June.)
Symantec says that in this scam it observed scammers using the new technique at the close of the financial year, with most of the phishing attacks traced back to compromised Web servers hosted in Germany and Australia.
However, “fortunately the Australian Taxation Office took serious note of the phishing attacks and worked diligently to gain control over it,” Symantec says.
In its report, Symantec also says that in June 62 percent of all attacks around the world were from unique phishing Web sites, which included more than 208 targeted known brands. In the Asia Pacific region, including Australia, Symantec observed an overall increase of 21 percent in phishing attacks in comparison to May.
Worldwide, Symantec reports that unique attacks increased by 27 percent from the previous month. It says the increase is likely to be a result of phishers evading the phishing mitigation tactics of several web hosting companies to their benefit, and is partially attributed to an overall increase in the volume of phishing activity in June.
Symantec also observed that 38 percent of phishing URLs in the month of June were generated using phishing toolkits, with the number of toolkit attacks increasing by nine percent, including a sudden increase in toolkit attacks during the last week of June primarily targeting the information services sectors.
Symantec says “this particular toolkit attack is most likely related to a specific Command & Control server being reactivated,” further adding that “these attacks play a significant part in populating and updating underground economy servers with stolen personal data, marketed in the maturing underground economy.”
According to Symantec, a total of 1,503 phishing sites were hosted in 92 countries, amounting to an increase of approximately 21 percent in IP attacks in June in comparison to the previous month.
The report reveals that the Greater China region accounted for approximately 19 percent of IP attacks in the month, the highest observed from the Asia Pacific region, as compared to the previous months.
Free Web-hosting services have been the easiest form of phishing in terms of the cost and technical skill required to develop fake sites, says Symantec, with a total of 143 different Web hosting services serving as the home for 2,814 phishing sites in the month of June.
Symantec also observed that there was a significant increase in the number of free Web-hosting services utilised for developing phishing sites, after analysing more than 77 brands based upon the geo-location of their Web hosts as well as the number of unique URLs utilised to lure victims to the phishing Web hosts.
In June, Symantec also found that phishing attacks in Italian, French and Chinese languages were higher, with French language attacks returning to the top position after a gap of a couple of months. The security firm also says it observed that phishing Web sites in Italian and French language remained higher for some popular financial brands. Italian and French language phishing sites, it says, were mainly from the financial sector, while Chinese language phishing sites were from the e-commerce sector.