Internet Security Systems - AlertCon(TM)

The End of One-man-show Phishing Attacks?

Posted by Gunter Ollmann on August 20, 2007 at 2:00 PM EDT.

So, I was going through the data from our Content Protection team in Kassel relating to last week’s findings and several things popped out at me. Firstly, it was a massive week, with over 71,000 brand new phishing sites identified (71,417 to be precise), of which 99.86 percent were associated with phishing kits. Secondly, the number of non-phishing-kit sites has continued to drop week-on-week, and now constitutes an insignificant volume of weekly totals – from which I’d conclude that many of those lone phishers are increasingly opting for kit-based deployment strategies because they have higher rates of identity theft success. And finally, there was a typical distribution of hosting domains associated with the phishing kit sites – 71,318 sites collapsing down to 450 domain registrations – making use of random free webmail address details for the registrations, along with what looks likely to be the real names and addresses of the owners of stolen credit cards used to pay for the site hosting.

Given how fast this migration to kit-based hosting and distribution has proceeded, I’m wondering how long before the one-man-show phishing attack has disappeared into the annals of history?
