New report finds China to blame for 85% of phishing scams

China phishing attackA recent report from the Anti-Phishing Working Group (APWG) into phishing attacks in the first half of 2014 has found that China is responsible for 85% of fake websites used in phishing scams.

The Global Phishing Survey 1H2014: Trends and Domain Name Use report found that there were at least 123,741 unique phishing attacks worldwide from January to June 2014.

These attacks occurred on 87,901 unique domain names, of which 22,679 were found to have been registered maliciously, mostly by Chinese phishers. The other 59,485 domains were almost all hacked or compromised domains.

Other key findings of the report:

  • Apple became the world’s most-phished brand, with 21,951 attacks (17.7% of all attacks). PayPal was second with 17,811 attacks (14.4%), and third (16,418 attacks, or 13.2%).
  • The introduction of new top-level domains (TLDs) did not have an immediate major impact on phishing. Phishing occurred in 227 TLDs, but 90% of the malicious domain registrations (20,565) were in just five: .com, .tk, .pw, .cf., and .net. Only a small number of phishing attacks were seen in the new generic top-level domains (gTLDs), such as .agency, .center, and .company, launched in early 2014.
  • Malicious domain and subdomain registrations continue at historically high levels, largely driven by Chinese phishers.
  • The average uptimes of phishing attacks – 32 and a half hours – remain near historic lows, indicating that anti-phishing responders are having some success.
  • The companies (brands) targeted by phishing targets were diverse, and there were many new targets, indicating that cyber criminals are looking for new opportunities in new places. The reports notes that “any enterprise with an online presence can be a phishing target – if a site takes in personal data, then there may be phishers who want to exploit it.”

Christmas is the perfect time to phish, as our infographic shows:

US phishing infographic

View the full infographic here:

If you’re concerned about your employees’ susceptibility to a phishing attack, you might be interested in IT Governance’s Employee Phishing Vulnerability Assessment. It will identify potential vulnerabilities among your employees and provide recommendations to improve your security, enabling you to have a broad understanding of how you are at risk, and what you need to do to address these risks.

You may also want to consider the Information Security and ISO 27001 Staff Awareness E-learning Course, which raises awareness of phishing attacks and other important information security issues, helping you reduce your organization’s exposure to security failures. Aligned with ISO 27001 – the information security standard – this course will teach your staff international cybersecurity best practices.

 >> Find out more <<