The Anti-Phishing Working Group, a consortium of digital security companies, released its latest report last week and the results are less than comforting: more brands are being hijacked by cyber-criminals and the number of attacks is rising.
The report chronicles the size and scope of phishing, schemes that try to dupe users into revealing private information by creating digital confidence ploys. The level of activity signals that even 20 years into the commercial internet, there remains limited awareness of the structure of web addresses and HTML formatting.
Web users can still be fooled into thinking mybank.example.com is a part of the “mybank” website when it’s actually part of example.com, and that a link whose visible text reads http://www.google.com points to the Gmail creator’s search engine. (It actually links to yahoo.com.)
Users also continue to be tricked by web addresses where visually similar characters have been substituted, a zero for the letter “o” for example.
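The tricks described above (a brand used as a subdomain, link text that differs from its destination, visually similar characters) and a brand embedded in a hyphenated name such as opinion-nytimes.com can each be checked mechanically. The following Python sketch is an added example, not code from the report or from MarkMonitor; `check_link`, the small confusables map and the "last two labels" rule for the registered domain are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed confusables map for the swaps the article mentions (zero for
# "o", "i" for "l") plus "1" for "l". Assumption: not an exhaustive table.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "i": "l"})

def host_of(url_or_host):
    """Lower-cased hostname from a URL or bare host; "" if it is not one."""
    s = url_or_host.strip()
    if not s or any(c.isspace() for c in s):
        return ""
    if "://" not in s:
        s = "//" + s
    return (urlsplit(s).hostname or "").lower().rstrip(".")

def registered_domain(host):
    """Assumption: last two labels. Production code should use the Public
    Suffix List so that suffixes such as co.uk are handled correctly."""
    return ".".join(host.split(".")[-2:])

def check_link(visible_text, href, brand_domain):
    """Findings for one link, judged against the brand's real domain."""
    findings = []
    host = host_of(href)
    reg = registered_domain(host)
    brand = brand_domain.lower()
    brand_label, reg_label = brand.split(".")[0], reg.split(".")[0]

    # Visible text that reads like a host but leads somewhere else.
    shown = host_of(visible_text)
    if "." in shown and registered_domain(shown) != reg:
        findings.append("text-href-mismatch")
    if reg == brand:
        return findings  # destination really is the brand's domain
    # Brand used as a subdomain label of someone else's domain.
    if brand_label in host.split(".")[:-2]:
        findings.append("brand-in-subdomain")
    # Brand embedded in a hyphenated registered name.
    if brand_label in reg_label.split("-"):
        findings.append("brand-in-hyphenated-domain")
    # Same name once visually similar characters are folded together.
    if reg_label != brand_label and \
            reg_label.translate(CONFUSABLES) == brand_label.translate(CONFUSABLES):
        findings.append("lookalike-characters")
    return findings
```

The sketch does not decode internationalized (punycode) hostnames, so non-ASCII lookalikes would need a fuller confusables table.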
According to the report, phishing attempts using a form of a brand name, whether spoofed or obscured in these ways or others, have been on the decline over the last two years but are still at a level higher than five years ago. Data show 54% of phishing attempts used this tactic in December 2012, the latest available data.
Spoofing a brand is likely to become more frequent in the future, says David Silver, an executive at MarkMonitor, the division of Thomson Reuters that protects brands by surveilling social networks, domain name registries, and search engines.
“It’s impossible to register every possible permutation” of a brand in every possible venue, he told Quartz. Silver noted the threat of brand spoofing extends beyond websites to Twitter accounts, Facebook pages, and search engine results, and can have a range of motivations beyond phishing for confidential information, including selling pirated, knockoff, or counterfeit goods.
The number of brands used in attacks has been steadily increasing over the last five years. In January 2008, only 131 unique brands were discovered to be used in phishing attempts reported to the working group. The same figure grew to above 400 in December 2012.
A WikiLeaks hoax in July 2012 used two of these tactics, registering a Twitter account to resemble that of former New York Times executive editor Bill Keller by swapping an “l” with an “i” in the username, then tweeting a link to a fake op-ed on “opinion-nytimes.com” that mimicked a real nytimes.com/opinion article page.
WikiLeaks’s con largely amounted to a sophisticated prank. Meanwhile, a successful phishing attack by Syrian hackers drove financial markets to lose $136 billion in value. They duped an AP employee using what looked like an internal AP email to capture the organization’s editorial Twitter credentials. The Syrian hackers then posted a tweet from the AP’s account claiming the White House had been bombed and President Barack Obama had been injured. When the truth was learned, financial markets regained their losses.
After a more than 50% decline from 2009 to 2011, there was a significant increase in attacks into 2012. The final quarter of 2012 saw phishing activity grow each month.