August's numbers were down by around 3% from July, an industry group says.
The number of phishing attacks spammed to computer users fell for the second straight month, the Anti-Phishing Working Group (APWG) said last week as it reported on August's scams.
According to the APWG, a collection of over 1,900 companies, banks, ISPs, and government agencies, 13,776 unique phishing attacks were recorded during August, down about 3 percent from July's 14,135. The high tide for phishing attacks was June, which saw 15,050.
But although the number of attacks declined slightly, the number of phishing Web sites actually increased by 15 percent in August over July. APWG tracked 5,259 scam sites in August, up from 4,564 the month before.
"This may reflect an increasing tendency for phishers to target a diverse group of smaller brands, and also an increased use of multiple sites to host a single attack, in order to increase their resiliency to takedown efforts," the APWG wrote in the report.
The slip in phishing attacks may be tied to the continuing trend of some phishers shifting to more sophisticated tactics, specifically loading up malicious sites with keylogger-installing Trojans that exploit vulnerabilities in Internet Explorer.
That trend, which APWG and other experts on phishing scams have remarked on during the second half of 2005, contributed to an increase in the number of sites hosting password-stealing code. In August, the APWG found 958 such sites, a 4 percent increase over July's 918.
Since April, the number of malicious sites hosting keyloggers has jumped by 368 percent.
The U.S. still leads the world as the host of more phishing sites than any other country, the APWG reported, and accounted for nearly 28 percent of all scam URLs. As with spam, China and South Korea came in number two and three, respectively.
Financial services firms remain the top target, with 84.5 percent of the scams aimed at banks, brokers, credit unions, and online payment companies.
The APWG's August report can be downloaded in PDF format from the group's site.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Infographic: The State of DevOps in 2017Is DevOps helping organizations reduce costs and time-to-market for software releases? What's getting in the way of DevOps adoption? Find out in this InformationWeek and Interop ITX infographic on the state of DevOps in 2017.
Digital Transformation Myths & TruthsTransformation is on every IT organization's to-do list, but effectively transforming IT means a major shift in technology as well as business models and culture. In this IT Trend Report, we examine some of the misconceptions of digital transformation and look at steps you can take to succeed technically and culturally.