SlideShare a Scribd company logo
2009 Phishing Monthly Report, April




                 The State of Phishing
              A Monthly Report – April 2009

  Compiled by Symantec Security Response
              Anti-Fraud Team
2009 Phishing Monthly Report, April




Sainarayan Nambiar
Principal Author
Security Response

Suyog Sainkar
Principal Author
Security Response

David Cowings
Editor & Author

Yunsun Wee
Editor
Public Relations
ywee@symantec.com


Contributors
Zahid Raza
Researcher
Security Response

Rohan Shah
Researcher
Security Response

Ashutosh Raut
Researcher
Security Response

Ravish Bagul
Researcher
Security Response
2009 Phishing Monthly Report, April




Phishing Trends


The data in this report is aggregated from a combination of sources including
Symantec’s Phish Report Network (PRN), strategic partners, customers and
security solutions.

This report discusses the metrics and trends observed in phishing activity during
the month of April 2009.


Phishing Highlights


   •   The Phisher King: Phishing toolkits continued to professionalize fraud
       attacks. Symantec observed 25% of phishing URLs to be generated using
       phishing toolkits. Although there was a 19% increase in the toolkit attacks
       over the previous month, the proportion of toolkit attacks remained constant
       of the total phishing attacks observed in the month.

   •   Good Hosts Fry Phish: More than 113 Web hosting services were used,
       which accounted for 9% of all phishing attacks. Although Web hosting
       companies continued to improve their phishing mitigation tactics, phishing
       attacks using Web hosting services increased by 5% from the previous
       month. However when looking at the total number of phishing attacks
       observed in the month, the proportion of phishing attacks using Web hosting
       services actually decreased compared to the previous month.

   •   Phishing in International Waters: Among the non-English phishing sites,
       French language phishing sites were most frequently recorded followed by
       sites in Italian and Chinese language. A total of 3,650 non-English phishing
       sites were recorded in the month of April. This is an increase of 5% from the
       previous month. A rise in the non-English phishing sites in April can be the
       result of a slight increase in the total volume of phishing sites observed by
       Symantec, over the previous month.
2009 Phishing Monthly Report, April




Overall Statistics




Based on their domains, all phishing sites were categorized as Automated Toolkits
(25%), Typosquatting (1%), Free Web-hosting sites (9%), IP address domains
(7%), and other unique domains (58%). As compared to the previous month, an
increase was seen in the proportion of phishing sites using IP address domains.
For the second consecutive month in a row, Symantec observed that the number
of automated toolkit attacks remained at lower levels.
2009 Phishing Monthly Report, April




Phishing Sectors


Phishing sites in April were categorized and analyzed to understand the attack
methods and to determine the sectors and brands impacted by the attacks.

The following categories were analyzed:

   •   Sectors
   •   Number of brands
   •   Phishing toolkits
   •   Fraud URLs with IP addresses
   •   Phish sites that use IP address domains – categorized by hosted cities
   •   Use of Web-hosting sites
   •   Geo-locations of phishing sites
   •   Non-English phishing sites
   •   Top-Level domains of phishing sites
   •   Country of brand
2009 Phishing Monthly Report, April




Sectors


Phishing URLs were categorized based on the sector by evaluating the brands
attacked by the phishing Web sites.
2009 Phishing Monthly Report, April




Number of Brands


      Symantec observed that 75% of the total attacks were from unique phishing
      Web sites, which included more than 227 known brands being targeted by
      phishers.

      The unique attacks increased by 25% from the previous month. However, of
      the total phishing attacks, there was no increase observed in unique
      phishing websites from the previous month as a result of the proportionate
      increase observed in the toolkit activity in the month.


Automated Phishing Toolkits


During the month, Symantec observed that 25% phishing URLs were generated
using phishing toolkits. Although this was a 19% increase from the previous month,
there was no rise in the proportion of toolkit attacks of the total phishing attacks.

Symantec observed that there was a drop in the toolkit attacks in-between the
month, primarily in the Information Services sector. Besides, the toolkit attacks in
this period towards the Financial sector were also observed to be at a lower level
of activity than the rest of the month. Symantec observed that a previously widely
used toolkit attack targeting a particular financial brand was discontinued in April
contributing to the decline in financial toolkit attacks. As toolkit activity often
fluctuates with Command & Control servers and botnets going up and down, this is
likely related to a specific Command & Control server being taken down.
2009 Phishing Monthly Report, April




Weekly behavior of attacks from phish kits:




Fraud Attacks Using IP Addresses


Phishers today use IP addresses as part of the hostname instead of a domain
name. This is a tactic used to hide the actual fake domain name that otherwise can
be easily noticed. Also, many banks use IP addresses in their Web site URLs. This
makes it confusing for customers from distinguishing a legitimate brand IP from a
fake IP address.
2009 Phishing Monthly Report, April




A total of 1260 phish sites were hosted in 74 countries. This accounted for an
increase of approximately 53% of IP attacks in comparison to the previous month.
The Asian countries of China and Taiwan accounted for approximately 10% of IP
attacks in the month. Czech Republic which is usually not in the list of top ten
countries where phishing sites are hosted surprisingly featured in the second
position this month after United States.


 April 2009    March 2009                    April 2009         March 2009
                               Country                                                  Change
   Rank          Rank                        Percentage         Percentage

     1             1         United States      32%                 37%                  -5%

                                                          Not listed in the top five
     2             32       Czech Republic      12%                                       N/A
                                                          regions of phish origin
     3             2            China           7%                  11%                  -4%

     4             4        United Kingdom      3%                   3%                No Change

                                                          Not listed in the top five
     5             9            Taiwan          3%                                        N/A
                                                          regions of phish origin
2009 Phishing Monthly Report, April




A study of two sources “Global Web-hosting Companies” 1and “Internet World
Users”2 provide some insight into the behavior of phishing for the countries
mentioned in the chart. Two sets of statistics “leading Web hosting companies
having maximum users” and “the countries with most Internet users” were
examined. By correlating these we find that the USA, China, Japan, India,
Germany, France, UK, South Korea are amongst the leading countries with most
internet users.


Phish Sites That Use IP Address Domains – Categorized By Hosted Cities


Among the fraud attacks using IP addresses, the countries hosting phishing sites
were further narrowed down to locate their city of origin. For the month of April a
couple of new cities featured in this category. The top cities hosting the phish sites
were Opava, Bensalem and Atlanta. The Czech Republican city of Opava which
never appeared as a city hosting phish sites using IP addresses was the topmost
city in the month, with a large number of phish sites originating from this region.
Likewise, the city of Bensalem in the Pennsylvanian state of United States had
previously never featured in this section. Guatemala City, the capital city of
Republic of Guatemala was another new entrant in the top cities hosting phish
sites with IP addresses.




1
    http://www.webhosting.info/webhosts/tophosts/global/
2
    http://www.internetworldstats.com/stats.htm
2009 Phishing Monthly Report, April




Use of Web-Hosting Sites


For phishers, usage of free Web hosting services has been the easiest form of
phishing in terms of cost and technical skill required to develop fake sites.

      113 Web hosting services were used with 1,794 Web sites for hosting phish
      pages.
      More than 67 brands were attacked using this method in the reporting
      period.

However, this form of attack is not as widely used as it frequently requires manual
efforts to prepare the phishing Web page, unlike the automated kit generated Web sites.
These types of attacks are also suspended without much delay once they have been
reported by end users as fraud. This makes it a less preferred method for professional
attackers.
2009 Phishing Monthly Report, April




Geo-Location of Phishing Sites


Phishing sites were analyzed based upon the geo-location of their Web hosts as
well as the number of unique URL’s utilized to lure victims to the phishing Web
hosts.

   1. Global Distribution of Active Phishing Lures

Geo-locations were evaluated based upon unique URLs of active phishing sites. The
top countries were found to be the USA (34%), United Kingdom (5%) and South Korea
(5%). The proportion of active phishing lures was more evenly distributed for the rest of
the locations. It is interesting to observe this newly evolving trend as was seen in the
previous month as well.
2009 Phishing Monthly Report, April




   2. Global Distribution of Phishing Web Hosts

The Web hosts IPs for active phishing sites were analyzed to determine their geo-
locations. The top countries are the USA (42%), Romania (5%) and Russia (5%).
Similar to the distribution of active phishing lures, the proportion of the phishing
Web hosts to some degree was evenly distributed over the rest of the locations.
2009 Phishing Monthly Report, April




Non-English Phishing Sites




Phishing attacks in French, Italian and Chinese language were evaluated to be
higher in April. French language attacks overtook attacks in Italian language to
reach the top position. Symantec observed that phishing Web sites in French
language were more than the usual level for a popular brand that resulted in the
variation this month. French and Italian language phishing sites were mainly from
the Financial sector, while Chinese language phishing sites were from the E-
Commerce sector. By correlating statistics on Internet users worldwide3 and the
top global financial brands4 and limiting them to non-English phishing sites, we
obtained some significant figures. The Internet usage in France is nearly 35 million,
Italy approximately 33 million, China approximately 253 million and 50 million in
Brazil. These countries represent a fairly large population of non-English Internet
users who are customers to large financial companies. This provides significant
evidence to find more phishing attacks in these languages.


3
    http://www.internetworldstats.com/stats.htm
4
    http://www.forbes.com/lists/2008/18/biz_2000global08_The-Global-2000_Rank.html
2009 Phishing Monthly Report, April




Top-Level Domains of Phishing Sites


Overall TLDs
Phishing URLs were categorized based on the Top-Level Domains (TLD). The
most used TLDs in phishing sites this month are .com, .net and .org comprising of
(50%), (9%) and (5%) respectively.

The Top-Level Domains in phishing were further categorized:

1. Generic Top-Level Domains (gTLDs)
The generic TLDs .com, .net and .org were the most utilized with (72%), (12%) and
(7%) of the total phish attacks respectively.

2. Country Code Top-Level Domains (ccTLDs)
The Russian, Chinese and French ccTLDs were evaluated to be the highest in
phishing attacks with (13%), (9%) and (7%) respectively.
2009 Phishing Monthly Report, April
2009 Phishing Monthly Report, April




Country of Brand




The brands that the phishing sites spoofed were categorized based on the country
in which the brand’s parent company is based. The top countries of brands
attacked in April are the USA, UK and Italy. There were 27 countries whose brands
were attacked. Sectors being targeted are similar throughout the countries of
brands except for those belonging to Germany and China. There was a
combination of Banking, E-Commerce and Information Services sectors in
Germany. In the case of China, the E-Commerce sector has been a primary target.
There was an increase observed in the Banking sector brands belonging to India.
2009 Phishing Monthly Report, April




    Glossary


•   Phishing Toolkits: Phishing toolkits are automated toolkits that facilitate the
    creation of phishing Web sites. They allow individuals to create and carry out
    phishing attacks even without any technical knowledge.

•   Unique Phishing Web site: The phishing Web sites that have a unique Web page
    are classified as “Unique Phishing Web sites”. URLs from phishing toolkits that
    randomize their URL string are observed to point to the same Web page and do
    not contain a unique Web page in each URL. Unique Phishing Web sites are the
    ones where each attack is categorized on distinct Web Pages.

•   Web-Hosting: Type of Internet hosting service which allows individuals and
    organizations to put up their own Web sites. These Web sites run on the space of
    Web host company servers accessible via the World Wide Web. There are
    different types of Web hosting services namely, free Web hosting, shared Web
    hosting, dedicated Web hosting, managed Web hosting, etc. of which the free
    Web hosting service is commonly used to create phishing Web sites.

•   Typo-Squatting: Typo-squatting refers to the practice of registering domain names
    that are typo variations of financial institution Web sites or other popular Web sites.

•   A Top-Level Domain (TLD) sometimes referred to as a Top-Level Domain Name
    (TLDN): It is the last part of an Internet domain name; that is, the letters that follow
    the final dot of any domain name. For example, in the domain name
    www.example.com, the Top-Level Domain is com (or COM, as domain names are
    not case-sensitive).

•   Country Code Top-Level Domains (ccTLD): Used by a country or a dependent
    territory. It is two letters long, for example .us for the United States.

•   Generic Top-Level Domains (gTLD): Used by a particular class of organizations
    (for example, .com for commercial organizations). It is three or more letters long.
    Most gTLDs are available for use worldwide, but for historical reasons .mil
    (military) and .gov (governmental) are restricted to use by the respective U.S.
    Authorities. gTLDs are sub classified into sponsored Top-Level Domains (sTLD),
    e.g. .aero, .coop and .museum, and un-sponsored Top-Level Domains (uTLD), e.g.
    .biz, .info, .name and .pro.

More Related Content

What's hot

Apwg trends report_q4_2015
Apwg trends report_q4_2015Apwg trends report_q4_2015
Apwg trends report_q4_2015
Andrey Apuhtin
 
Symantec Intelligence Report: February 2015
Symantec Intelligence Report: February 2015Symantec Intelligence Report: February 2015
Symantec Intelligence Report: February 2015
Symantec
 
RSA Monthly Online Fraud Report -- October 2013
RSA Monthly Online Fraud Report -- October 2013RSA Monthly Online Fraud Report -- October 2013
RSA Monthly Online Fraud Report -- October 2013
EMC
 
Symantec Intelligence Report December 2014
Symantec Intelligence Report December 2014Symantec Intelligence Report December 2014
Symantec Intelligence Report December 2014
Symantec
 
Stop badware infected_sites_report_062408
Stop badware infected_sites_report_062408Stop badware infected_sites_report_062408
Stop badware infected_sites_report_062408
Attaporn Ninsuwan
 
Email threats 2017: Users encounter threats through email twice as often as o...
Email threats 2017: Users encounter threats through email twice as often as o...Email threats 2017: Users encounter threats through email twice as often as o...
Email threats 2017: Users encounter threats through email twice as often as o...
Symantec Security Response
 
Symantec Intelligence Report 2013
Symantec Intelligence Report 2013Symantec Intelligence Report 2013
Symantec Intelligence Report 2013
haemmerle-consulting
 
Iranian Hackers Have Hit Hundreds of Companies in Past Two Years
Iranian Hackers Have Hit Hundreds of Companies in Past Two YearsIranian Hackers Have Hit Hundreds of Companies in Past Two Years
Iranian Hackers Have Hit Hundreds of Companies in Past Two Years
LUMINATIVE MEDIA/PROJECT COUNSEL MEDIA GROUP
 
Arrott Htcia St Johns 101020
Arrott Htcia St Johns 101020Arrott Htcia St Johns 101020
Arrott Htcia St Johns 101020
Anthony Arrott
 
Breach level index_report_2017_gemalto
Breach level index_report_2017_gemaltoBreach level index_report_2017_gemalto
Breach level index_report_2017_gemalto
Jonas Mercier
 
Звіт Facebook
Звіт FacebookЗвіт Facebook
Звіт Facebook
BabelNews
 
Raport Symantec Malware 2010
Raport Symantec Malware 2010Raport Symantec Malware 2010
Raport Symantec Malware 2010
Transmix Romania
 
TNS Infographic - Data Breach Targets Revealed
TNS Infographic - Data Breach Targets RevealedTNS Infographic - Data Breach Targets Revealed
TNS Infographic - Data Breach Targets Revealed
TNSIMarketing
 
Symantec Report On Rogue Security Software
Symantec Report On Rogue Security SoftwareSymantec Report On Rogue Security Software
Symantec Report On Rogue Security Software
Symantec
 
Seven Stats on Social Media Security (Nov 2013)
Seven Stats on Social Media Security (Nov 2013)Seven Stats on Social Media Security (Nov 2013)
Seven Stats on Social Media Security (Nov 2013)
Nexgate
 
The State of Internet Security: Web Attaks Take Over
The State of Internet Security: Web Attaks Take OverThe State of Internet Security: Web Attaks Take Over
The State of Internet Security: Web Attaks Take Over
JAX Chamber IT Council
 

What's hot (16)

Apwg trends report_q4_2015
Apwg trends report_q4_2015Apwg trends report_q4_2015
Apwg trends report_q4_2015
 
Symantec Intelligence Report: February 2015
Symantec Intelligence Report: February 2015Symantec Intelligence Report: February 2015
Symantec Intelligence Report: February 2015
 
RSA Monthly Online Fraud Report -- October 2013
RSA Monthly Online Fraud Report -- October 2013RSA Monthly Online Fraud Report -- October 2013
RSA Monthly Online Fraud Report -- October 2013
 
Symantec Intelligence Report December 2014
Symantec Intelligence Report December 2014Symantec Intelligence Report December 2014
Symantec Intelligence Report December 2014
 
Stop badware infected_sites_report_062408
Stop badware infected_sites_report_062408Stop badware infected_sites_report_062408
Stop badware infected_sites_report_062408
 
Email threats 2017: Users encounter threats through email twice as often as o...
Email threats 2017: Users encounter threats through email twice as often as o...Email threats 2017: Users encounter threats through email twice as often as o...
Email threats 2017: Users encounter threats through email twice as often as o...
 
Symantec Intelligence Report 2013
Symantec Intelligence Report 2013Symantec Intelligence Report 2013
Symantec Intelligence Report 2013
 
Iranian Hackers Have Hit Hundreds of Companies in Past Two Years
Iranian Hackers Have Hit Hundreds of Companies in Past Two YearsIranian Hackers Have Hit Hundreds of Companies in Past Two Years
Iranian Hackers Have Hit Hundreds of Companies in Past Two Years
 
Arrott Htcia St Johns 101020
Arrott Htcia St Johns 101020Arrott Htcia St Johns 101020
Arrott Htcia St Johns 101020
 
Breach level index_report_2017_gemalto
Breach level index_report_2017_gemaltoBreach level index_report_2017_gemalto
Breach level index_report_2017_gemalto
 
Звіт Facebook
Звіт FacebookЗвіт Facebook
Звіт Facebook
 
Raport Symantec Malware 2010
Raport Symantec Malware 2010Raport Symantec Malware 2010
Raport Symantec Malware 2010
 
TNS Infographic - Data Breach Targets Revealed
TNS Infographic - Data Breach Targets RevealedTNS Infographic - Data Breach Targets Revealed
TNS Infographic - Data Breach Targets Revealed
 
Symantec Report On Rogue Security Software
Symantec Report On Rogue Security SoftwareSymantec Report On Rogue Security Software
Symantec Report On Rogue Security Software
 
Seven Stats on Social Media Security (Nov 2013)
Seven Stats on Social Media Security (Nov 2013)Seven Stats on Social Media Security (Nov 2013)
Seven Stats on Social Media Security (Nov 2013)
 
The State of Internet Security: Web Attaks Take Over
The State of Internet Security: Web Attaks Take OverThe State of Internet Security: Web Attaks Take Over
The State of Internet Security: Web Attaks Take Over
 

Similar to Symantec Physhing Report Aprile 2009

Phishing Report Gennaio 2010
Phishing Report Gennaio 2010Phishing Report Gennaio 2010
Phishing Report Gennaio 2010
Symantec Italia
 
Spam and Phishing Report - Marzo 2010
Spam and Phishing Report - Marzo 2010Spam and Phishing Report - Marzo 2010
Spam and Phishing Report - Marzo 2010
Symantec Italia
 
Symantec Intelligence Report September 2014
Symantec Intelligence Report September 2014Symantec Intelligence Report September 2014
Symantec Intelligence Report September 2014
Symantec
 
Symantec Intelligence Report
Symantec Intelligence ReportSymantec Intelligence Report
Symantec Intelligence Report
Symantec
 
Apwg trends report_q1_2016
Apwg trends report_q1_2016Apwg trends report_q1_2016
Apwg trends report_q1_2016
Andrey Apuhtin
 
Symantec Intelligence Report - July 2014
Symantec Intelligence Report - July 2014Symantec Intelligence Report - July 2014
Symantec Intelligence Report - July 2014
Symantec
 
Apwg trends report_q4_2016
Apwg trends report_q4_2016Apwg trends report_q4_2016
Apwg trends report_q4_2016
Andrey Apuhtin
 
Intelligence report-06-2015.en-us[1]
Intelligence report-06-2015.en-us[1]Intelligence report-06-2015.en-us[1]
Intelligence report-06-2015.en-us[1]
Sergey Ulankin
 
Symantec Intelligence Report - October 2014
Symantec Intelligence Report - October 2014Symantec Intelligence Report - October 2014
Symantec Intelligence Report - October 2014
Symantec
 
Oct 2011 Threats Trend Report
Oct 2011 Threats Trend ReportOct 2011 Threats Trend Report
Oct 2011 Threats Trend Report
Cyren, Inc
 
Symantec Intelligence Report: May 2015
Symantec Intelligence Report: May 2015Symantec Intelligence Report: May 2015
Symantec Intelligence Report: May 2015
Symantec
 
Most notable apt_ attacks_of_2015_and_2016 predictions
Most notable apt_ attacks_of_2015_and_2016 predictionsMost notable apt_ attacks_of_2015_and_2016 predictions
Most notable apt_ attacks_of_2015_and_2016 predictions
Cyphort
 
Symantec Intelligence Report - Oct 2015
Symantec Intelligence Report - Oct 2015Symantec Intelligence Report - Oct 2015
Symantec Intelligence Report - Oct 2015
CheapSSLUSA
 
Kaspersky lab financial_cyberthreats_in_2017
Kaspersky lab financial_cyberthreats_in_2017Kaspersky lab financial_cyberthreats_in_2017
Kaspersky lab financial_cyberthreats_in_2017
malvvv
 
Malwarebytes labs 2019 - state of malware report 2
Malwarebytes labs 2019 - state of malware report 2Malwarebytes labs 2019 - state of malware report 2
Malwarebytes labs 2019 - state of malware report 2
Felipe Prado
 
The Executive's Guide to the 2016 Global Threat Intelligence Report
The Executive's Guide to the 2016 Global Threat Intelligence ReportThe Executive's Guide to the 2016 Global Threat Intelligence Report
The Executive's Guide to the 2016 Global Threat Intelligence Report
Simona Franciosi
 
Security Trends to Watch in 2010 - A Mid-Year Status Check
Security Trends to Watch in 2010 - A Mid-Year Status Check Security Trends to Watch in 2010 - A Mid-Year Status Check
Security Trends to Watch in 2010 - A Mid-Year Status Check
Symantec
 
WatchGuard Internet Security Report
WatchGuard Internet Security ReportWatchGuard Internet Security Report
WatchGuard Internet Security Report
BAKOTECH
 
Fraud & Abuse Report 2020 by Arkose LabsFraud report q1 2020
Fraud & Abuse Report 2020 by Arkose LabsFraud report q1 2020Fraud & Abuse Report 2020 by Arkose LabsFraud report q1 2020
Fraud & Abuse Report 2020 by Arkose LabsFraud report q1 2020
Jeff Martinez
 
Jenny test
Jenny testJenny test
Jenny test
Jenny Rothenberg
 

Similar to Symantec Physhing Report Aprile 2009 (20)

Phishing Report Gennaio 2010
Phishing Report Gennaio 2010Phishing Report Gennaio 2010
Phishing Report Gennaio 2010
 
Spam and Phishing Report - Marzo 2010
Spam and Phishing Report - Marzo 2010Spam and Phishing Report - Marzo 2010
Spam and Phishing Report - Marzo 2010
 
Symantec Intelligence Report September 2014
Symantec Intelligence Report September 2014Symantec Intelligence Report September 2014
Symantec Intelligence Report September 2014
 
Symantec Intelligence Report
Symantec Intelligence ReportSymantec Intelligence Report
Symantec Intelligence Report
 
Apwg trends report_q1_2016
Apwg trends report_q1_2016Apwg trends report_q1_2016
Apwg trends report_q1_2016
 
Symantec Intelligence Report - July 2014
Symantec Intelligence Report - July 2014Symantec Intelligence Report - July 2014
Symantec Intelligence Report - July 2014
 
Apwg trends report_q4_2016
Apwg trends report_q4_2016Apwg trends report_q4_2016
Apwg trends report_q4_2016
 
Intelligence report-06-2015.en-us[1]
Intelligence report-06-2015.en-us[1]Intelligence report-06-2015.en-us[1]
Intelligence report-06-2015.en-us[1]
 
Symantec Intelligence Report - October 2014
Symantec Intelligence Report - October 2014Symantec Intelligence Report - October 2014
Symantec Intelligence Report - October 2014
 
Oct 2011 Threats Trend Report
Oct 2011 Threats Trend ReportOct 2011 Threats Trend Report
Oct 2011 Threats Trend Report
 
Symantec Intelligence Report: May 2015
Symantec Intelligence Report: May 2015Symantec Intelligence Report: May 2015
Symantec Intelligence Report: May 2015
 
Most notable apt_ attacks_of_2015_and_2016 predictions
Most notable apt_ attacks_of_2015_and_2016 predictionsMost notable apt_ attacks_of_2015_and_2016 predictions
Most notable apt_ attacks_of_2015_and_2016 predictions
 
Symantec Intelligence Report - Oct 2015
Symantec Intelligence Report - Oct 2015Symantec Intelligence Report - Oct 2015
Symantec Intelligence Report - Oct 2015
 
Kaspersky lab financial_cyberthreats_in_2017
Kaspersky lab financial_cyberthreats_in_2017Kaspersky lab financial_cyberthreats_in_2017
Kaspersky lab financial_cyberthreats_in_2017
 
Malwarebytes labs 2019 - state of malware report 2
Malwarebytes labs 2019 - state of malware report 2Malwarebytes labs 2019 - state of malware report 2
Malwarebytes labs 2019 - state of malware report 2
 
The Executive's Guide to the 2016 Global Threat Intelligence Report
The Executive's Guide to the 2016 Global Threat Intelligence ReportThe Executive's Guide to the 2016 Global Threat Intelligence Report
The Executive's Guide to the 2016 Global Threat Intelligence Report
 
Security Trends to Watch in 2010 - A Mid-Year Status Check
Security Trends to Watch in 2010 - A Mid-Year Status Check Security Trends to Watch in 2010 - A Mid-Year Status Check
Security Trends to Watch in 2010 - A Mid-Year Status Check
 
WatchGuard Internet Security Report
WatchGuard Internet Security ReportWatchGuard Internet Security Report
WatchGuard Internet Security Report
 
Fraud & Abuse Report 2020 by Arkose LabsFraud report q1 2020
Fraud & Abuse Report 2020 by Arkose LabsFraud report q1 2020Fraud & Abuse Report 2020 by Arkose LabsFraud report q1 2020
Fraud & Abuse Report 2020 by Arkose LabsFraud report q1 2020
 
Jenny test
Jenny testJenny test
Jenny test
 

More from Freedata Labs

Smau Milano 2014 - Per fare un buon Storytelling ci vuole una buona Social In...
Smau Milano 2014 - Per fare un buon Storytelling ci vuole una buona Social In...Smau Milano 2014 - Per fare un buon Storytelling ci vuole una buona Social In...
Smau Milano 2014 - Per fare un buon Storytelling ci vuole una buona Social In...
Freedata Labs
 
B2B e Social Media: come trasformare i dipendenti in Brand Ambassador
B2B e Social Media: come trasformare i dipendenti in Brand AmbassadorB2B e Social Media: come trasformare i dipendenti in Brand Ambassador
B2B e Social Media: come trasformare i dipendenti in Brand Ambassador
Freedata Labs
 
#NoFrills14 - Social Business Intelligence per il turismo.
#NoFrills14 - Social Business Intelligence per il turismo.#NoFrills14 - Social Business Intelligence per il turismo.
#NoFrills14 - Social Business Intelligence per il turismo.
Freedata Labs
 
Social Listening: come sfruttare la social intellingence per guidare le data-...
Social Listening: come sfruttare la social intellingence per guidare le data-...Social Listening: come sfruttare la social intellingence per guidare le data-...
Social Listening: come sfruttare la social intellingence per guidare le data-...
Freedata Labs
 
Moving beyond Social Listening: how to use Social Intellingence to power data...
Moving beyond Social Listening: how to use Social Intellingence to power data...Moving beyond Social Listening: how to use Social Intellingence to power data...
Moving beyond Social Listening: how to use Social Intellingence to power data...
Freedata Labs
 
SMAU Firenze 2014 - Social Media e B2B, il caso Nexive
SMAU Firenze 2014 - Social Media e B2B, il caso NexiveSMAU Firenze 2014 - Social Media e B2B, il caso Nexive
SMAU Firenze 2014 - Social Media e B2B, il caso Nexive
Freedata Labs
 
La Social Intelligence per guidare la customer experience nel B2B
La Social Intelligence per guidare la customer experience nel B2BLa Social Intelligence per guidare la customer experience nel B2B
La Social Intelligence per guidare la customer experience nel B2B
Freedata Labs
 
SMAU Bologna 2014 - Social Media e B2B, il rebranding Nexive
SMAU Bologna 2014 - Social Media e B2B, il rebranding Nexive SMAU Bologna 2014 - Social Media e B2B, il rebranding Nexive
SMAU Bologna 2014 - Social Media e B2B, il rebranding Nexive
Freedata Labs
 
Case History - SAP Italia - Gamification per rafforzare il posizionamento sui...
Case History - SAP Italia - Gamification per rafforzare il posizionamento sui...Case History - SAP Italia - Gamification per rafforzare il posizionamento sui...
Case History - SAP Italia - Gamification per rafforzare il posizionamento sui...
Freedata Labs
 
SMAU Torino 2014 - I social media stanno conquistando il mercato B2B
SMAU Torino 2014 - I social media stanno conquistando il mercato B2BSMAU Torino 2014 - I social media stanno conquistando il mercato B2B
SMAU Torino 2014 - I social media stanno conquistando il mercato B2B
Freedata Labs
 
Case History - Manfrotto - Web Listening per comprendere le dinamiche del mer...
Case History - Manfrotto - Web Listening per comprendere le dinamiche del mer...Case History - Manfrotto - Web Listening per comprendere le dinamiche del mer...
Case History - Manfrotto - Web Listening per comprendere le dinamiche del mer...
Freedata Labs
 
SMAU Padova 2014 - B2B e social media le sfide e le opportunità
SMAU Padova 2014 - B2B e social media le sfide e le opportunitàSMAU Padova 2014 - B2B e social media le sfide e le opportunità
SMAU Padova 2014 - B2B e social media le sfide e le opportunità
Freedata Labs
 
Ascoltare il web - articolo a cura di Valeria Severini, CEO Freedata Labs
Ascoltare il web - articolo a cura di Valeria Severini, CEO Freedata LabsAscoltare il web - articolo a cura di Valeria Severini, CEO Freedata Labs
Ascoltare il web - articolo a cura di Valeria Severini, CEO Freedata Labs
Freedata Labs
 
SMX Milano 2013 - The voice of the consumer, social media & consumer reviews
SMX Milano 2013 - The voice of the consumer, social media & consumer reviewsSMX Milano 2013 - The voice of the consumer, social media & consumer reviews
SMX Milano 2013 - The voice of the consumer, social media & consumer reviews
Freedata Labs
 
SMX Milano 2013 - Customer acquisition through social media & social data
SMX Milano 2013 - Customer acquisition through social media & social dataSMX Milano 2013 - Customer acquisition through social media & social data
SMX Milano 2013 - Customer acquisition through social media & social data
Freedata Labs
 
SMAU Milano 2013 - Il caso TNT post Italia
SMAU Milano 2013 - Il caso TNT post ItaliaSMAU Milano 2013 - Il caso TNT post Italia
SMAU Milano 2013 - Il caso TNT post Italia
Freedata Labs
 
Social Responsibility: i Social Media per comunicare i valori aziendali
Social Responsibility: i Social Media per comunicare i valori aziendaliSocial Responsibility: i Social Media per comunicare i valori aziendali
Social Responsibility: i Social Media per comunicare i valori aziendali
Freedata Labs
 
WorldCommunicationForum 2013 - Le opportunità del Social Commerce
WorldCommunicationForum 2013 - Le opportunità del Social CommerceWorldCommunicationForum 2013 - Le opportunità del Social Commerce
WorldCommunicationForum 2013 - Le opportunità del Social Commerce
Freedata Labs
 
"Social Media Analytics: il marketing diventa sempre più datacentrico" - Free...
"Social Media Analytics: il marketing diventa sempre più datacentrico" - Free..."Social Media Analytics: il marketing diventa sempre più datacentrico" - Free...
"Social Media Analytics: il marketing diventa sempre più datacentrico" - Free...
Freedata Labs
 
SCHF 2012 - Fare SMM nel B2B - L’esperienza SAP Italia
SCHF 2012 - Fare SMM nel B2B - L’esperienza SAP Italia SCHF 2012 - Fare SMM nel B2B - L’esperienza SAP Italia
SCHF 2012 - Fare SMM nel B2B - L’esperienza SAP Italia
Freedata Labs
 

More from Freedata Labs (20)

Smau Milano 2014 - Per fare un buon Storytelling ci vuole una buona Social In...
Smau Milano 2014 - Per fare un buon Storytelling ci vuole una buona Social In...Smau Milano 2014 - Per fare un buon Storytelling ci vuole una buona Social In...
Smau Milano 2014 - Per fare un buon Storytelling ci vuole una buona Social In...
 
B2B e Social Media: come trasformare i dipendenti in Brand Ambassador
B2B e Social Media: come trasformare i dipendenti in Brand AmbassadorB2B e Social Media: come trasformare i dipendenti in Brand Ambassador
B2B e Social Media: come trasformare i dipendenti in Brand Ambassador
 
#NoFrills14 - Social Business Intelligence per il turismo.
#NoFrills14 - Social Business Intelligence per il turismo.#NoFrills14 - Social Business Intelligence per il turismo.
#NoFrills14 - Social Business Intelligence per il turismo.
 
Social Listening: come sfruttare la social intellingence per guidare le data-...
Social Listening: come sfruttare la social intellingence per guidare le data-...Social Listening: come sfruttare la social intellingence per guidare le data-...
Social Listening: come sfruttare la social intellingence per guidare le data-...
 
Moving beyond Social Listening: how to use Social Intellingence to power data...
Moving beyond Social Listening: how to use Social Intellingence to power data...Moving beyond Social Listening: how to use Social Intellingence to power data...
Moving beyond Social Listening: how to use Social Intellingence to power data...
 
SMAU Firenze 2014 - Social Media e B2B, il caso Nexive
SMAU Firenze 2014 - Social Media e B2B, il caso NexiveSMAU Firenze 2014 - Social Media e B2B, il caso Nexive
SMAU Firenze 2014 - Social Media e B2B, il caso Nexive
 
La Social Intelligence per guidare la customer experience nel B2B
La Social Intelligence per guidare la customer experience nel B2BLa Social Intelligence per guidare la customer experience nel B2B
La Social Intelligence per guidare la customer experience nel B2B
 
SMAU Bologna 2014 - Social Media e B2B, il rebranding Nexive
SMAU Bologna 2014 - Social Media e B2B, il rebranding Nexive SMAU Bologna 2014 - Social Media e B2B, il rebranding Nexive
SMAU Bologna 2014 - Social Media e B2B, il rebranding Nexive
 
Case History - SAP Italia - Gamification per rafforzare il posizionamento sui...
Case History - SAP Italia - Gamification per rafforzare il posizionamento sui...Case History - SAP Italia - Gamification per rafforzare il posizionamento sui...
Case History - SAP Italia - Gamification per rafforzare il posizionamento sui...
 
SMAU Torino 2014 - I social media stanno conquistando il mercato B2B
SMAU Torino 2014 - I social media stanno conquistando il mercato B2BSMAU Torino 2014 - I social media stanno conquistando il mercato B2B
SMAU Torino 2014 - I social media stanno conquistando il mercato B2B
 
Case History - Manfrotto - Web Listening per comprendere le dinamiche del mer...
Case History - Manfrotto - Web Listening per comprendere le dinamiche del mer...Case History - Manfrotto - Web Listening per comprendere le dinamiche del mer...
Case History - Manfrotto - Web Listening per comprendere le dinamiche del mer...
 
SMAU Padova 2014 - B2B e social media le sfide e le opportunità
SMAU Padova 2014 - B2B e social media le sfide e le opportunitàSMAU Padova 2014 - B2B e social media le sfide e le opportunità
SMAU Padova 2014 - B2B e social media le sfide e le opportunità
 
Ascoltare il web - articolo a cura di Valeria Severini, CEO Freedata Labs
Ascoltare il web - articolo a cura di Valeria Severini, CEO Freedata LabsAscoltare il web - articolo a cura di Valeria Severini, CEO Freedata Labs
Ascoltare il web - articolo a cura di Valeria Severini, CEO Freedata Labs
 
SMX Milano 2013 - The voice of the consumer, social media & consumer reviews
SMX Milano 2013 - The voice of the consumer, social media & consumer reviewsSMX Milano 2013 - The voice of the consumer, social media & consumer reviews
SMX Milano 2013 - The voice of the consumer, social media & consumer reviews
 
SMX Milano 2013 - Customer acquisition through social media & social data
SMX Milano 2013 - Customer acquisition through social media & social dataSMX Milano 2013 - Customer acquisition through social media & social data
SMX Milano 2013 - Customer acquisition through social media & social data
 
SMAU Milano 2013 - Il caso TNT post Italia
SMAU Milano 2013 - Il caso TNT post ItaliaSMAU Milano 2013 - Il caso TNT post Italia
SMAU Milano 2013 - Il caso TNT post Italia
 
Social Responsibility: i Social Media per comunicare i valori aziendali
Social Responsibility: i Social Media per comunicare i valori aziendaliSocial Responsibility: i Social Media per comunicare i valori aziendali
Social Responsibility: i Social Media per comunicare i valori aziendali
 
WorldCommunicationForum 2013 - Le opportunità del Social Commerce
WorldCommunicationForum 2013 - Le opportunità del Social CommerceWorldCommunicationForum 2013 - Le opportunità del Social Commerce
WorldCommunicationForum 2013 - Le opportunità del Social Commerce
 
"Social Media Analytics: il marketing diventa sempre più datacentrico" - Free...
"Social Media Analytics: il marketing diventa sempre più datacentrico" - Free..."Social Media Analytics: il marketing diventa sempre più datacentrico" - Free...
"Social Media Analytics: il marketing diventa sempre più datacentrico" - Free...
 
SCHF 2012 - Fare SMM nel B2B - L’esperienza SAP Italia
SCHF 2012 - Fare SMM nel B2B - L’esperienza SAP Italia SCHF 2012 - Fare SMM nel B2B - L’esperienza SAP Italia
SCHF 2012 - Fare SMM nel B2B - L’esperienza SAP Italia
 

Recently uploaded

HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUHCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
panagenda
 
Presentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of GermanyPresentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of Germany
innovationoecd
 
20240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 202420240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 2024
Matthew Sinclair
 
How to use Firebase Data Connect For Flutter
How to use Firebase Data Connect For FlutterHow to use Firebase Data Connect For Flutter
How to use Firebase Data Connect For Flutter
Daiki Mogmet Ito
 
UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6
DianaGray10
 
Taking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdfTaking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdf
ssuserfac0301
 
UI5 Controls simplified - UI5con2024 presentation
UI5 Controls simplified - UI5con2024 presentationUI5 Controls simplified - UI5con2024 presentation
UI5 Controls simplified - UI5con2024 presentation
Wouter Lemaire
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
Octavian Nadolu
 
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success StoryDriving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Safe Software
 
Programming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup SlidesProgramming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup Slides
Zilliz
 
GenAI Pilot Implementation in the organizations
GenAI Pilot Implementation in the organizationsGenAI Pilot Implementation in the organizations
GenAI Pilot Implementation in the organizations
kumardaparthi1024
 
Choosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptxChoosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptx
Brandon Minnick, MBA
 
Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
Aftab Hussain
 
Building Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and MilvusBuilding Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and Milvus
Zilliz
 
OpenID AuthZEN Interop Read Out - Authorization
OpenID AuthZEN Interop Read Out - AuthorizationOpenID AuthZEN Interop Read Out - Authorization
OpenID AuthZEN Interop Read Out - Authorization
David Brossard
 
20240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 202420240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 2024
Matthew Sinclair
 
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
Quotidiano Piemontese
 
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
Your One-Stop Shop for Python Success: Top 10 US Python Development ProvidersYour One-Stop Shop for Python Success: Top 10 US Python Development Providers
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
akankshawande
 
How to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptxHow to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptx
danishmna97
 
GraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracyGraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracy
Tomaz Bratanic
 

Recently uploaded (20)

HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUHCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
 
Presentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of GermanyPresentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of Germany
 
20240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 202420240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 2024
 
How to use Firebase Data Connect For Flutter
How to use Firebase Data Connect For FlutterHow to use Firebase Data Connect For Flutter
How to use Firebase Data Connect For Flutter
 
UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6
 
Taking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdfTaking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdf
 
UI5 Controls simplified - UI5con2024 presentation
UI5 Controls simplified - UI5con2024 presentationUI5 Controls simplified - UI5con2024 presentation
UI5 Controls simplified - UI5con2024 presentation
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
 
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success StoryDriving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success Story
 
Programming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup SlidesProgramming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup Slides
 
GenAI Pilot Implementation in the organizations
GenAI Pilot Implementation in the organizationsGenAI Pilot Implementation in the organizations
GenAI Pilot Implementation in the organizations
 
Choosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptxChoosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptx
 
Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
 
Building Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and MilvusBuilding Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and Milvus
 
OpenID AuthZEN Interop Read Out - Authorization
OpenID AuthZEN Interop Read Out - AuthorizationOpenID AuthZEN Interop Read Out - Authorization
OpenID AuthZEN Interop Read Out - Authorization
 
20240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 202420240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 2024
 
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
 
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
Your One-Stop Shop for Python Success: Top 10 US Python Development ProvidersYour One-Stop Shop for Python Success: Top 10 US Python Development Providers
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
 
How to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptxHow to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptx
 
GraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracyGraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracy
 

Symantec Physhing Report Aprile 2009

  • 1. 2009 Phishing Monthly Report, April The State of Phishing A Monthly Report – April 2009 Compiled by Symantec Security Response Anti-Fraud Team
  • 2. 2009 Phishing Monthly Report, April Sainarayan Nambiar Principal Author Security Response Suyog Sainkar Principal Author Security Response David Cowings Editor & Author Yunsun Wee Editor Public Relations ywee@symantec.com Contributors Zahid Raza Researcher Security Response Rohan Shah Researcher Security Response Ashutosh Raut Researcher Security Response Ravish Bagul Researcher Security Response
  • 3. 2009 Phishing Monthly Report, April Phishing Trends The data in this report is aggregated from a combination of sources including Symantec’s Phish Report Network (PRN), strategic partners, customers and security solutions. This report discusses the metrics and trends observed in phishing activity during the month of April 2009. Phishing Highlights • The Phisher King: Phishing toolkits continued to professionalize fraud attacks. Symantec observed 25% of phishing URLs to be generated using phishing toolkits. Although there was a 19% increase in the toolkit attacks over the previous month, the proportion of toolkit attacks remained constant of the total phishing attacks observed in the month. • Good Hosts Fry Phish: More than 113 Web hosting services were used, which accounted for 9% of all phishing attacks. Although Web hosting companies continued to improve their phishing mitigation tactics, phishing attacks using Web hosting services increased by 5% from the previous month. However when looking at the total number of phishing attacks observed in the month, the proportion of phishing attacks using Web hosting services actually decreased compared to the previous month. • Phishing in International Waters: Among the non-English phishing sites, French language phishing sites were most frequently recorded followed by sites in Italian and Chinese language. A total of 3,650 non-English phishing sites were recorded in the month of April. This is an increase of 5% from the previous month. A rise in the non-English phishing sites in April can be the result of a slight increase in the total volume of phishing sites observed by Symantec, over the previous month.
  • 4. 2009 Phishing Monthly Report, April Overall Statistics Based on their domains, all phishing sites were categorized as Automated Toolkits (25%), Typosquatting (1%), Free Web-hosting sites (9%), IP address domains (7%), and other unique domains (58%). As compared to the previous month, an increase was seen in the proportion of phishing sites using IP address domains. For the second consecutive month in a row, Symantec observed that the number of automated toolkit attacks remained at lower levels.
  • 5. 2009 Phishing Monthly Report, April Phishing Sectors Phishing sites in April were categorized and analyzed to understand the attack methods and to determine the sectors and brands impacted by the attacks. The following categories were analyzed: • Sectors • Number of brands • Phishing toolkits • Fraud URLs with IP addresses • Phish sites that use IP address domains – categorized by hosted cities • Use of Web-hosting sites • Geo-locations of phishing sites • Non-English phishing sites • Top-Level domains of phishing sites • Country of brand
  • 6. 2009 Phishing Monthly Report, April Sectors Phishing URLs were categorized based on the sector by evaluating the brands attacked by the phishing Web sites.
  • 7. 2009 Phishing Monthly Report, April Number of Brands Symantec observed that 75% of the total attacks were from unique phishing Web sites, which included more than 227 known brands being targeted by phishers. The unique attacks increased by 25% from the previous month. However, of the total phishing attacks, there was no increase observed in unique phishing websites from the previous month as a result of the proportionate increase observed in the toolkit activity in the month. Automated Phishing Toolkits During the month, Symantec observed that 25% phishing URLs were generated using phishing toolkits. Although this was a 19% increase from the previous month, there was no rise in the proportion of toolkit attacks of the total phishing attacks. Symantec observed that there was a drop in the toolkit attacks in-between the month, primarily in the Information Services sector. Besides, the toolkit attacks in this period towards the Financial sector were also observed to be at a lower level of activity than the rest of the month. Symantec observed that a previously widely used toolkit attack targeting a particular financial brand was discontinued in April contributing to the decline in financial toolkit attacks. As toolkit activity often fluctuates with Command & Control servers and botnets going up and down, this is likely related to a specific Command & Control server being taken down.
  • 8. 2009 Phishing Monthly Report, April Weekly behavior of attacks from phish kits: Fraud Attacks Using IP Addresses Phishers today use IP addresses as part of the hostname instead of a domain name. This is a tactic used to hide the actual fake domain name that otherwise can be easily noticed. Also, many banks use IP addresses in their Web site URLs. This makes it confusing for customers from distinguishing a legitimate brand IP from a fake IP address.
  • 9. 2009 Phishing Monthly Report, April A total of 1260 phish sites were hosted in 74 countries. This accounted for an increase of approximately 53% of IP attacks in comparison to the previous month. The Asian countries of China and Taiwan accounted for approximately 10% of IP attacks in the month. Czech Republic which is usually not in the list of top ten countries where phishing sites are hosted surprisingly featured in the second position this month after United States. April 2009 March 2009 April 2009 March 2009 Country Change Rank Rank Percentage Percentage 1 1 United States 32% 37% -5% Not listed in the top five 2 32 Czech Republic 12% N/A regions of phish origin 3 2 China 7% 11% -4% 4 4 United Kingdom 3% 3% No Change Not listed in the top five 5 9 Taiwan 3% N/A regions of phish origin
  • 10. 2009 Phishing Monthly Report, April A study of two sources “Global Web-hosting Companies” 1and “Internet World Users”2 provide some insight into the behavior of phishing for the countries mentioned in the chart. Two sets of statistics “leading Web hosting companies having maximum users” and “the countries with most Internet users” were examined. By correlating these we find that the USA, China, Japan, India, Germany, France, UK, South Korea are amongst the leading countries with most internet users. Phish Sites That Use IP Address Domains – Categorized By Hosted Cities Among the fraud attacks using IP addresses, the countries hosting phishing sites were further narrowed down to locate their city of origin. For the month of April a couple of new cities featured in this category. The top cities hosting the phish sites were Opava, Bensalem and Atlanta. The Czech Republican city of Opava which never appeared as a city hosting phish sites using IP addresses was the topmost city in the month, with a large number of phish sites originating from this region. Likewise, the city of Bensalem in the Pennsylvanian state of United States had previously never featured in this section. Guatemala City, the capital city of Republic of Guatemala was another new entrant in the top cities hosting phish sites with IP addresses. 1 http://www.webhosting.info/webhosts/tophosts/global/ 2 http://www.internetworldstats.com/stats.htm
  • 11. 2009 Phishing Monthly Report, April Use of Web-Hosting Sites For phishers, usage of free Web hosting services has been the easiest form of phishing in terms of cost and technical skill required to develop fake sites. 113 Web hosting services were used with 1,794 Web sites for hosting phish pages. More than 67 brands were attacked using this method in the reporting period. However, this form of attack is not as widely used as it frequently requires manual efforts to prepare the phishing Web page, unlike the automated kit generated Web sites. These types of attacks are also suspended without much delay once they have been reported by end users as fraud. This makes it a less preferred method for professional attackers.
  • 12. 2009 Phishing Monthly Report, April Geo-Location of Phishing Sites Phishing sites were analyzed based upon the geo-location of their Web hosts as well as the number of unique URL’s utilized to lure victims to the phishing Web hosts. 1. Global Distribution of Active Phishing Lures Geo-locations were evaluated based upon unique URLs of active phishing sites. The top countries were found to be the USA (34%), United Kingdom (5%) and South Korea (5%). The proportion of active phishing lures was more evenly distributed for the rest of the locations. It is interesting to observe this newly evolving trend as was seen in the previous month as well.
  • 13. 2009 Phishing Monthly Report, April 2. Global Distribution of Phishing Web Hosts The Web hosts IPs for active phishing sites were analyzed to determine their geo- locations. The top countries are the USA (42%), Romania (5%) and Russia (5%). Similar to the distribution of active phishing lures, the proportion of the phishing Web hosts to some degree was evenly distributed over the rest of the locations.
  • 14. 2009 Phishing Monthly Report, April Non-English Phishing Sites Phishing attacks in French, Italian and Chinese language were evaluated to be higher in April. French language attacks overtook attacks in Italian language to reach the top position. Symantec observed that phishing Web sites in French language were more than the usual level for a popular brand that resulted in the variation this month. French and Italian language phishing sites were mainly from the Financial sector, while Chinese language phishing sites were from the E- Commerce sector. By correlating statistics on Internet users worldwide3 and the top global financial brands4 and limiting them to non-English phishing sites, we obtained some significant figures. The Internet usage in France is nearly 35 million, Italy approximately 33 million, China approximately 253 million and 50 million in Brazil. These countries represent a fairly large population of non-English Internet users who are customers to large financial companies. This provides significant evidence to find more phishing attacks in these languages. 3 http://www.internetworldstats.com/stats.htm 4 http://www.forbes.com/lists/2008/18/biz_2000global08_The-Global-2000_Rank.html
  • 15. 2009 Phishing Monthly Report, April Top-Level Domains of Phishing Sites Overall TLDs Phishing URLs were categorized based on the Top-Level Domains (TLD). The most used TLDs in phishing sites this month are .com, .net and .org comprising of (50%), (9%) and (5%) respectively. The Top-Level Domains in phishing were further categorized: 1. Generic Top-Level Domains (gTLDs) The generic TLDs .com, .net and .org were the most utilized with (72%), (12%) and (7%) of the total phish attacks respectively. 2. Country Code Top-Level Domains (ccTLDs) The Russian, Chinese and French ccTLDs were evaluated to be the highest in phishing attacks with (13%), (9%) and (7%) respectively.
  • 16. 2009 Phishing Monthly Report, April
  • 17. 2009 Phishing Monthly Report, April Country of Brand The brands that the phishing sites spoofed were categorized based on the country in which the brand’s parent company is based. The top countries of brands attacked in April are the USA, UK and Italy. There were 27 countries whose brands were attacked. Sectors being targeted are similar throughout the countries of brands except for those belonging to Germany and China. There was a combination of Banking, E-Commerce and Information Services sectors in Germany. In the case of China, the E-Commerce sector has been a primary target. There was an increase observed in the Banking sector brands belonging to India.
  • 18. 2009 Phishing Monthly Report, April Glossary • Phishing Toolkits: Phishing toolkits are automated toolkits that facilitate the creation of phishing Web sites. They allow individuals to create and carry out phishing attacks even without any technical knowledge. • Unique Phishing Web site: The phishing Web sites that have a unique Web page are classified as “Unique Phishing Web sites”. URLs from phishing toolkits that randomize their URL string are observed to point to the same Web page and do not contain a unique Web page in each URL. Unique Phishing Web sites are the ones where each attack is categorized on distinct Web Pages. • Web-Hosting: Type of Internet hosting service which allows individuals and organizations to put up their own Web sites. These Web sites run on the space of Web host company servers accessible via the World Wide Web. There are different types of Web hosting services namely, free Web hosting, shared Web hosting, dedicated Web hosting, managed Web hosting, etc. of which the free Web hosting service is commonly used to create phishing Web sites. • Typo-Squatting: Typo-squatting refers to the practice of registering domain names that are typo variations of financial institution Web sites or other popular Web sites. • A Top-Level Domain (TLD) sometimes referred to as a Top-Level Domain Name (TLDN): It is the last part of an Internet domain name; that is, the letters that follow the final dot of any domain name. For example, in the domain name www.example.com, the Top-Level Domain is com (or COM, as domain names are not case-sensitive). • Country Code Top-Level Domains (ccTLD): Used by a country or a dependent territory. It is two letters long, for example .us for the United States. • Generic Top-Level Domains (gTLD): Used by a particular class of organizations (for example, .com for commercial organizations). It is three or more letters long. Most gTLDs are available for use worldwide, but for historical reasons .mil (military) and .gov (governmental) are restricted to use by the respective U.S. Authorities. gTLDs are sub classified into sponsored Top-Level Domains (sTLD), e.g. .aero, .coop and .museum, and un-sponsored Top-Level Domains (uTLD), e.g. .biz, .info, .name and .pro.