We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
78,131 News Articles

Phishing threat surges as URLs triple

Cybercriminals increase efforts to steal your ID

The number of phishing web URLs nearly tripled from March to April, a security group said, as cybercriminals returned to a late-2006 tactic designed to do an end run around browser-based antiphishing filters.

In one month, the number of unique sites soared 166 percent, from 20,871 in March to 55,643 in April, said the Anti-Phishing Working Group (APWG), an association of more than 1,600 companies and government agencies.

"They're trying to overwhelm the filtering mechanisms" in browsers and antiphishing toolbars, said Peter Cassidy, the secretary general of the APWG, "by using many, many URLs, some which may resolve to the very same phishing site”.

Phishers using the tactic don't register any more domains than usual but simply craft unique URLs by randomising the subdomain to create new addresses.

"The idea is to come up with unique URLs that have not been reported and end-running the filters," Cassidy said. Both Microsoft's Internet Explorer and Mozilla's Firefox rely on blacklists - lists of previously reported phishing URLs - to warn users that they may be about to visit a dangerous site.

Cassidy saw a silver lining in the uptick. "It's a good sign. It's a sign that [phishers] are working harder," he said. "Vulnerable points of the technology that can be abused are slowly closed as protocols and systems are improved." Backing his claim was other data collected by the APWG that pegged the number of unique phishing email campaigns at 23,656 during April, down from March's 24,853.

www.computerworld.com


IDG UK Sites

6 cheapest 4K TVs in the UK 2014: Get a UHD telly without breaking the bank

IDG UK Sites

Apple MacBook Air (11-inch, 256GB, Early 2014) lab tests and benchmarks

IDG UK Sites

How to stop your parents opening and responding to phishing emails

IDG UK Sites

Google to ship first Project Ara developer boards in July