Study: Phishing attacks up by 50 percent per month

The number of new phishing attacks reported has risen by an average of 50 percent per month in the first six months of this year, according to the Anti-Phishing Working Group (APWG), which monitors such attacks.

Phishing attacks use spoofed e-mails and fraudulent Web sites to fool respondents into entering personal financial data such as credit card numbers, account usernames and passwords, which can then be used for financial theft or identity theft.

Phishers launched 1,422 new attacks in June, up 19 percent on the 1,197 recorded in May and more than 12 times as high as the 116 attacks reported in December 2003, APWG reported on its Web site this week.

Most phishing attacks are aimed at customers of banks in the U.S., U.K. and Australia although online e-commerce companies such as eBay Inc. and PayPal Inc. are also targeted.

Citibank Inc. is the current favorite of phishing criminals, with 470 separate attacks made in June, compared to the 285 attacks aimed at eBay. Lloyds TSB Bank PLC was the main U.K. target with 24 attacks in June, and Westpac Banking Corp. of Australia was attacked 11 times.

The APWG has over 400 members including eight of the top 10 U.S. banks, four of the top five U.S. ISPs (Internet service providers) and law enforcement bodies from Australia, Canada, the U.K. and U.S.

Internet security company Websense Inc. issued its own analysis of the APWG report Tuesday, and found that:

-- the U.S. hosted the most phishing Web sites in June, at 27 percent of all sites

-- the average lifespan of a phishing site in June was 2.25 days

-- 25 percent of phishing Web sites were hosted on hacked Web servers

-- 94 percent of phishing Web sites were configured to allow criminals to remotely download captured personal data