So-called Internet phishing gangs are concentrating their efforts within specific top level domains (TLDs) but anti-phishing policies and mitigation programs by domain name registrars and registries are having a significant and positive effect, according to a new study by the Anti-Phishing Working Group -- a group that monitors and attempts to decrease the online practice whereby scammers trick users into giving up sensitive information.
For the study, APWG surveyed 47,324 unique phishing attacks located on 26,678 unique domain names. The group found the number of TLDs abused by phishers expanded 7 percent from 145 in the second half of 2007 to 155 in the first half of 2008. The proportion of Internet-protocol number-based phishing sites decreased 35 percent in that same period, declining from 18 percent in the second half of 2007 to 13 percent in the first half of 2008.
“We’re seeing a trend away from fixed IP-based URLs which are readily shut-down to use of more domain based URLs,” said Internet Identity's Rod Rasmussen, co-chair of APWG’s Internet Policy Committee. “Many of these are on compromised servers which already have established ‘good’ reputations, while others are on fraudulently registered domain names supported by botnets or other throw-away hosting resources."
The report finds some correlations between registry policies and the prevalence and duration of phishing activity in their TLDs. APWG researchers’ analysis of phishing site uptime and other metrics showed that anti-phishing policies can help reduce phishing activity. Specifically, the .cn, .info, and .biz TLDs, whose managers have implemented counter-phishing programs, had phishing site uptimes notably below the industry average.
New Media
Online Politics
Tech Policy
Comments
To post a comment, you must provide a name and a valid e-mail address. Messages must be limited to 400 words. By using this service you agree not to post material that is obscene, harassing, defamatory, or otherwise objectionable. Although Tech Daily Dose does not monitor comments posted to this site (and has no obligation to), it reserves the right to delete, edit, or move any material that it deems to be in violation of this rule.