Organization Finds Huge Jump in Phishing Scams

A new organization calling itself the Anti-Phishing Working Group documented a large jump in the number of phishing attacks in January.

The working group's January report, released in mid-February, found 176 unique new phishing attacks in January, a 52 percent increase over the 116 phishing attacks reported in December. The working group was founded by Tumbleweed Communications and first met in November. It includes banks, financial services institutions and e-commerce sites.

Phishing refers to the effort to get users to give up their private financial information such as passwords, PINs and other identifying or security information through a combination of technical means and social engineering. Most efforts involve an e-mail with a spoofed sender address that asks users to link to and fill out information on a Web page that is a spoof of, or similar to, a legitimate institution the user would recognize.

The working group's January report found that the highest number of unique spoofing attacks attempt to fool users into thinking they are being contacted by eBay. The online auction site is the target for 51 new attacks in January, compared with 33 in December and six in November. Other attractive false fronts and the number of unique new attacks that target them in January were Citibank with 35, AOL with 34, PayPal with 10 and Earthlink with nine.

Some of the most popular avenues of Phishing attacks were cut off by a Microsoft Internet Explorer patch released on Feb. 2. (See story). It will be interesting to see if the number of new attacks in February or March taper off as more and more browsers become immune to the simplest attacks.

Some 32 percent of phish attacks in January exploited a URL syntax for user authentication in Internet Explorer that allowed the use of an @ symbol to appear as one Web site while actually visiting another. A related flaw involving a %01 or a %00 before the @ symbol accounted for 7.8 percent of new phish attacks in January.

A Danish security firm, Secunia, highlighted the IE problem on Dec. 9 and the first phishing attacks based on it began appearing Dec. 18, according to the working group. Microsoft posted a workaround in December and a full patch on Feb. 2.

Another popular method of phish attacks is the use of a cousin URL that resembles the authentic URL of a trusted institution but points to a scammer's site. Examples provided by the working group included, and According to the working group, so-called cousin URL attacks accounted for 9.3 percent of unique phishing attacks in January.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.


  • The 2021 Microsoft Product Roadmap

    From Windows 10X to the next generation of Microsoft's application server products, here are the product milestones coming down the pipeline in 2021.

  • After High-Profile Attacks, Biden Calls for Better Software Security

    Recent high-profile security attacks have prompted the Biden administration to issue an executive order aiming to tighten software security practices across the board.

  • With Hybrid Networks on Rise, Microsoft Touts Zero Trust Security

    Hybrid networks, which combine use of cloud services with on-premises software, require a "zero trust" security approach, Microsoft said this week.

  • Feds Advise Orgs on How To Block Ransomware Amid Colonial Pipeline Attack

    A recent ransomware attack on a U.S. fuel pipeline company has put a spotlight on how "critical infrastructure" organizations can prevent similar attacks.