Phishers exploiting cheaper domain registrations

21 Aug 2007

Spoofed websites are typically live for less than seven days, internet security firm Trend Micro has revealed.

The use of unclassified URLs is the primary method by which phishers lure victims into giving away their personal data, the company’s research arm TrendLabs found during July.

It said the ease of obtaining an online presence due to cheaper domain registration rates was partially to blame for the continued prevalence of phishing sites, and suggested that phishing attempts are likely to increase.

The introduction of phishing kits into the underground markets is also estimated to lead to a growth in phishing activity online. Ever-more sophisticated techniques involving social engineering targeted at smaller, more regional establishments are emerging, with targeted phishing showing an increase in the past six months.

The use of unclassified URLs was the most common phishing method for the first half of 2007, used in 56pc of phishing attacks.

The top ten companies whose websites were spoofed by phishers during the past six months are: eBay; Paypal; Bank of America; Wachovia; Fifth Third Bank; BB&T; Poste Italiane; Sparkasse; Regions Bank; and VolksBank.

The list shows that phishing attempts are now targeted at smaller, regional banks.

TrendLabs also reported a phishing attack on Ulster Bank this month.

By Niall Byrne