Organization Finds Huge Jump in Phishing Scams

A new organization calling itself the Anti-Phishing Working Group documented a large jump in the number of phishing attacks in January.

The working group's January report, released in mid-February, found 176 unique new phishing attacks in January, a 52 percent increase over the 116 phishing attacks reported in December. The working group was founded by Tumbleweed Communications and first met in November. It includes banks, financial services institutions and e-commerce sites.

Phishing refers to the effort to get users to give up their private financial information such as passwords, PINs and other identifying or security information through a combination of technical means and social engineering. Most efforts involve an e-mail with a spoofed sender address that asks users to link to and fill out information on a Web page that is a spoof of, or similar to, a legitimate institution the user would recognize.

The working group's January report found that the highest number of unique spoofing attacks attempt to fool users into thinking they are being contacted by eBay. The online auction site is the target for 51 new attacks in January, compared with 33 in December and six in November. Other attractive false fronts and the number of unique new attacks that target them in January were Citibank with 35, AOL with 34, PayPal with 10 and Earthlink with nine.

Some of the most popular avenues of Phishing attacks were cut off by a Microsoft Internet Explorer patch released on Feb. 2. (See story). It will be interesting to see if the number of new attacks in February or March taper off as more and more browsers become immune to the simplest attacks.

Some 32 percent of phish attacks in January exploited a URL syntax for user authentication in Internet Explorer that allowed the use of an @ symbol to appear as one Web site while actually visiting another. A related flaw involving a %01 or a %00 before the @ symbol accounted for 7.8 percent of new phish attacks in January.

A Danish security firm, Secunia, highlighted the IE problem on Dec. 9 and the first phishing attacks based on it began appearing Dec. 18, according to the working group. Microsoft posted a workaround in December and a full patch on Feb. 2.

Another popular method of phish attacks is the use of a cousin URL that resembles the authentic URL of a trusted institution but points to a scammer's site. Examples provided by the working group included, and According to the working group, so-called cousin URL attacks accounted for 9.3 percent of unique phishing attacks in January.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.


  • SameSite Cookie Changes Rolled Back Until Summer

    The Chromium Project announced on Friday that it's delaying enforcement of SameSite cookie changes, and is temporarily rolling back those changes, because of the COVID-19 turmoil.

  • Basic Authentication Extended to 2H 2021 for Exchange Online Users

    Microsoft is now planning to disable Basic Authentication use with its Exchange Online service sometime in the "second half of 2021," according to a Friday announcement.

  • Microsoft Offers Endpoint Configuration Manager Advice for Keeping Remote Clients Patched

    Microsoft this week offered advice for organizations using Microsoft Endpoint Configuration Manager with remote Windows systems that need to get patched, and it also announced Update 2002.

  • Azure Edge Zones Hit Preview

    Azure Edge Zones, a new edge computing technology from Microsoft designed to enable new scenarios for developers and partners, emerged as a preview release this week.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.