LOS ALTOS, Calif. & CAMBRIDGE, Mass.--BUSINESS WIRE--The APWG’s Q4, 2009 Phishing Activity Trends Report reveals that eCrime syndicates are expanding the base of brands they exploit for online fraud far beyond major financial institutions and online merchants, with the number of hijacked brands reaching a record 356 in October, up nearly 4.4 percent from the previous record of 341 in August 2009.

“Spear-phishing and whale-phishing, where targeted individuals inside of corporations, or of high net worth, appears to be increasing.”

APWG Secretary General Peter Cassidy said, “No brand is safe from the threat of spoofing for the purposes of online fraud. Once, only the largest banks were targeted. Now, every kind of enterprise from banks and credit unions of all sizes to charities to, in a recent case, a hardware manufacturer, are now seeing their brands exploited in all manner of fraud scheme.”

While the number of unique phishing reports submitted to the APWG in Q4 declined nearly 29 percent from the all-time high of 40,621 in August, dropping to 28,897 reports in December, the statistics obscure a more troubling trend. Member reports to APWG and research reviews in Q3 and Q4, however, reveal a substantial increase in phishing focused on high-value targets such as personnel with treasury authority.

APWG Chairman Dave Jevans said, “Spear-phishing and whale-phishing, where targeted individuals inside of corporations, or of high net worth, appears to be increasing.

“Phishers and malware attackers are sending emails to individuals in a highly targeted fashion, attempting to gain access to corporate online banking systems, corporate VPN networks, and other online resources. These attacks do not contribute significantly to the overall number of unique phishing emails that are sent, as they are not using broad-based spam. Rather, the attackers customize their email messages to target individual users,” Jevans said.

The report is available here: http://www.antiphishing.org/reports/apwg_report_Q4_2009.pdf

The APWG Q4, 2009 Trends Report, combining data from APWG members MarkMonitor, Websense and Panda Security with the APWG’s own statistics, also reported:

● October’s high of 46,522 unique phishing websites detected by the APWG was down 18 percent from the August, 2009 record high of 56,362

● The number of unique brand-domain pairs rose to a quarter high of 23,380 in October, still down 4 percent from the all-time high of 24,438 in August, 2009

● There was an increase in rogueware variations of 36 percent in Q4 252,025, up from Q3 158,980

● The total number of infected computers dropped to 10,305,805 in Q4, representing more than 47.8% percent of the total sample of scanned computers, the lowest infection rate recorded in 2009

The results of the Q4 report are of grave concern to the global membership of the APWG and the research centers, treaty organizations, law enforcement agencies, government agencies and industry associations with which the APWG corresponds.

Those members, correspondents and researchers from around the world will be considering the results of this Trends report and other eCrime research at the fourth annual Counter-eCrime Operations Summit CeCOS in Sao Paulo, Brazil on May 11-13. CeCOS IV is a three-day event that examines the eCrime phenomenon from the point of view of the responder or manager who has to engage eCrime on a workaday basis. The conference is sponsored by EasySolutions and MarkMonitor and co-hosted by CERT.br.

The conference agenda is here:

http://www.antiphishing.org/events/2010_opSummit.html

About the APWG

The APWG, founded in 2003 as the Anti-Phishing Working Group, is a global industry, law enforcement, and government coalition focused on eliminating the identity theft and fraud that result from the growing problem of phishing, email spoofing, and crimeware. Membership is open to qualified financial institutions, online retailers, ISPs, the law enforcement community and solutions providers. There are more than 1,800 companies, government agencies and NGOs participating in the APWG and more than 3,500 members. The APWG's Web site offers the public and industry information about phishing and email fraud, including identification and promotion of pragmatic technical solutions that provide immediate protection.

APWG's corporate sponsors are as follows:

AT&TT, Able NV, Afilias Ltd., AhnLab, AVG Technologies, Bank of America, BBN Technologies, Blue Coat, BlueStreak, BrandMail, BDProtect, Bsecure Technologies, CapitalOne, Check Point Software Technologies, Clear Search, Cloudmark, CyberDefender, Cyveillance, DigiCert, DigitalEnvoy, DigitalResolve, Digital River, Easy Solutions, eBay/PayPal EBAY, ESET, ESTsoft, Fortinet, FraudWatch International, FrontPorch, F-Secure, Goodmail Systems, GeoTrust, GlobalSign, GoDaddy, Goodmail Systems, GuardID Systems, HomeAway, HitachiJoHo, ING Bank, Iconix, iMatrix, Internet Identity, Intuit, IOvation, IronPort, IT Matrix, Kaspersky Labs, Kindsight, la Caixa, Lenos Software, LightSpeed Systems, MailFrontier, MailShell, MarkMonitor, Marshall8e6, McAfee MFE, MasterCard, Melbourne IT, Microsoft MSFT, MicroWorld, Mirapoint, MySpace NWS, MyPW, MX Logic, NameProtect, National Australia Bank ASX: NAB Netcraft, NetStar, Network Solutions, NeuStar, Nominum, Panda Software, Phoenix Technologies Inc. PTEC, Phishme.com, Phorm, Prevx, The Planet, Radialpoint, ReturnPath, Royal Bank Scotland, RSA Security EMC, RuleSpace, SAIC, S21sec, Salesforce.com, SecureBrain, Secure Computing SCUR, SIDN, Sigaba, SoftForum, SOPHOS, SquareTrade, SurfControl, SunTrust, Symantec SYMC, TDS Telecom, Telefonica TEF, Trend Micro TMIC, Tricerion, TriCipher, TrustedID, Tumbleweed Communications TMWD, Vasco VDSI, VeriSign VRSN, Visa, Wal-Mart WMT, Websense Inc. WBSN and Yahoo! YHOO.