BUENOS AIRES, Argentina--(BUSINESS WIRE)--The APWG reports in its Q4 2012 Phishing Activity Trends Report this week that phishing attacks against online game players saw a massive increase, climbing from 2.7 percent of all phishing attacks in Q3 to 14.7 percent in Q4.
“The success of the sector and the richness of in-game commerce options available in online game systems has attracted the attention of phishers who’ve had a decade to hone their skills against online banking and commerce systems. Playing safe is an important today as playing fair,” said APWG Secretary General Peter Cassidy.
Attacks against social media sites doubled to 6 percent, up from 3 percent in Q3. Financial services continued to be the most-targeted industry sector in the fourth quarter, with payment services close behind, the report found.
Online gaming credentials are valuable to certain criminals, who sell them on the black market. In-game items held in those accounts can also be sold by phishers for real-world cash. Depending upon how much information is revealed, the victims can even have their real-life identities stolen.
Overall the APWG’s statistics show that the number of phishing sites declined every month from April 2012 through December 2012. In Q4, the APWG received reports of 51,232 unique phishing sites in October, falling to 28,195 in December. This and other statistics reveal that criminals are relying less on pure social engineering scams such as classic phishing based on social engineering schemes. Instead, there is increased emphasis on deploying crimeware – malware designed to steal the user’s credentials automatically and placing them in the phisher’s control.
Trojans continue to account for about three-quarters of all newly detected crimeware threats. The penetration of malware payloads is also high. According to APWG contributor Luis Corrons of PandaLabs, during Q4 about 30 percent of personal computers worldwide were infected with malware. More than 57 percent of PCs in China may have been infected, while PCs in European nations were infected least-often.
“These shifts are due to fraudsters using more advanced phishing techniques, such as geo-IP blocking and malware,” said Ihab Shraim, Chief Information Security Officer and VP, Anti-Fraud Engineering & Operations at MarkMonitor. “Phishers are also taking advantage of the availability of non-traditional platforms such as social media and mobile to launch newer types of targeted phishing attacks.”
The full text of the report is available here: http://docs.apwg.org/reports/apwg_trends_report_Q4_2012.pdf
About the APWG
The APWG, founded in 2003 as the Anti-Phishing Working Group, is the global industry, law enforcement, and government coalition focused on unifying the global response to electronic crime. Membership is open to qualified financial institutions, online retailers, ISPs and Telcos, the law enforcement community, solutions providers, multi-lateral treaty organizations, research centers, trade associations and government agencies. There are more than 2,000 companies, government agencies and NGOs participating in the APWG worldwide. The APWG's www.apwg.org and education.apwg.org websites offer the public, industry and government agencies practical information about phishing and electronically mediated fraud as well as pointers to pragmatic technical solutions that provide immediate protection. The APWG is co-founder and co-manager of the Stop. Think. Connect. Messaging Convention, the global online safety public awareness collaborative www.stopthinkconnect.org and founder/curator of the eCrime Researchers Summit, the world's only peer-reviewed conference dedicated specifically to electronic crime studies www.ecrimeresearch.org.
Among APWG's corporate sponsors are as follows: Afilias Ltd., AhnLab, AT&T(T), Avast!, AVG Technologies, BBN Technologies, Barracuda Networks, BillMeLater, Bkav, Booz Allen Hamilton, Blue Coat, BrandMail, BrandProtect, Bsecure Technologies, Check Point Software Technologies, Comcast, CSIRTBANELCO, Cyber Defender, Cyveillance, Domain Tools, Donuts.co, Easy Solutions, eBay/PayPal (EBAY), eCert, EC Cert, ESET, EST Soft, Facebook, Fortinet, FraudWatch International, F-Secure, GlobalSign, GoDaddy, Google, GroupIB, Hauri, Hitachi Systems, Ltd., Huawei Symantec, ICANN, Iconix, IID, IronPort, ING Bank, Intuit, IT Matrix, Kindsight, LaCaixa, Lenos Software, MailShell, MarkMonitor, M86Security, McAfee (MFE), Melbourne IT, MessageLevel, Microsoft (MSFT), MicroWorld, Mirapoint, NHN, MyPW, nProtect Online Security, Netcraft, Network Solutions, NeuStar, Nominet, Nominum, Public Interest Registry, Panda Software, Phishlabs, Phishme.com, Phorm, Planty.net, Prevx, Proofpoint, QinetiQ, Return Path, RSA Security (EMC), RuleSpace, SAIC (From Science to Solutions), SalesForce, SecureBrain, S21sec, SIDN, SoftForum, SoftLayer, SoftSecurity, SOPHOS, SunTrust, SurfControl, Symantec (SYMC), Tagged, TDS Telecom, Telefonica (TEF), TransCreditBank, Trend Micro (TMIC), Vasco (VDSI), VeriSign (VRSN), Websense Inc. (WBSN), Wombat Security Technologies, Yahoo! (YHOO),zvelo and ZYNGA.
