Symantec says that the decrease in toolkit attacks was observed across all sectors, but that this “possibly could be a short term variation in the strategies of the fraudsters”, before we see a resurgence in the forthcoming holiday season.
Symantec also said it had observed that the cutback in toolkit attacks has, in recent months, resulted in a slight increase in attacks employing other tactics such as typosquatting.
In other findings in its latest survey, covering September, Symantec says non-English phishing sites decreased by 33 percent compared to August. More than 110 Web hosting services were used, which accounted for 11 percent of all phishing attacks; although that proportion remained the same as in August, there was a 3 percent decrease in total Web host URLs in September.
Symantec also observed that toolkit attacks fluctuated continuously throughout September, but that a sharp increase in toolkit attacks (primarily targeting a payment processing company) was observed in the first week of the month.
Worryingly, Symantec identified an increase in a phishing tactic used in an attack targeting US taxpayers in September. According to Symantec, the phishing attack was facilitated by spam email messages targeting the Internal Revenue Service tax settlement program for US taxpayers. It says the phishing scam asked the intended victims to review their tax statement online by clicking on the link provided.
Symantec said the fraudsters reported the issue as “unreported/underreported income” to instil a “sense of panic amongst the taxpayers”. It says the link directed the potential victim to a phishing Web page that asked them to download and execute the tax statement file, “tax-statement.exe”, which was in fact a password-stealing Trojan, and that the URLs in the phishing attack comprised several recently created randomized domain names.
“This is a tactic employed to hide the actual fake domain name that otherwise can easily be noticed. As many banks use IP addresses in their website URLs, this establishes a precedent that spammers can follow as it raises less suspicion,” Symantec said.
According to Symantec, a total of 944 phishing sites were hosted in 60 countries in September, amounting to a decrease of approximately 15 percent in IP attacks in comparison to August.
Symantec reports that the United States continued to be the top ranked country hosting phishing sites, and that, although the proportion of IP attacks showed some increase for most of the regions, the number of IP attacks, with the exception of the Greater China region, actually decreased. It said that the Greater China region accounted for approximately 18 percent of IP attacks in September, and that the total number of IP attacks originating from the region increased by 11 percent over August.