A report says 154 brands were hijacked in July, an 18% increase over the previous month.
Phishers counterfeited a record number of commercial brands, reaching into ever-smaller corners of the Internet, according to the Anti-Phishing Working Group's latest report.
The group's monthly cybercrime summary says 154 brands were hijacked by e-mailed phishing campaigns during July, an increase of 18% over June and 12% over the previous record, set in May.
"Criminals are spoofing the brands of smaller financial institutions, ISPs, and even government agencies," says Dave Jevans, CEO of IronKey and the working group's chairman.
A year ago, the APWG recorded only 71 brands spoofed. "The number of brands has more than doubled, illustrating that online criminals are simply not settling for the large, popular organizations and financial institutions," says Dan Hubbard, the head of research at security vendor Websense.
The increase in the number of victimized brands was joined by an even larger bump in the number of new phishing sites detected in July: The APWG reported 14,191 bogus sites, another record. "Nobody is immune from attack," Jevans says.
Attacks are getting more complex, Hubbard says, pointing to the continued sale by a Russian group of a do-it-yourself hacking toolkit and a large increase in the use of traffic redirectors that send users to an unintended IP address.
The APWG also reports that the United States retains the dubious honor of being the country hosting the most (28%) phishing sites infected with Trojans and other spyware such as downloaders (the most dangerous kind of phishing URLs). Russia took second with 19%, followed by Brazil with 6%.
5 Top Federal Initiatives For 2015As InformationWeek Government readers were busy firming up their fiscal year 2015 budgets, we asked them to rate more than 30 IT initiatives in terms of importance and current leadership focus. No surprise, among more than 30 options, security is No. 1. After that, things get less predictable.