Fraudsters ramped up phishing attacks by 29 percent in November, according to a new report.
The number of phishing sites reached 1,518 last month, the Anti-Phishing Working Group said in a report released on Wednesday. The total was up almost a third over October and three times the level in September.
Internet service providers EarthLink and MSN were the focus of particularly heavy attack, the trade group said.
"EarthLink and MSN came up quickly in the stats for November," said David Jevans, chairman of the Anti-Phishing Working Group. Hundreds of reports of an EarthLink phishing scam were submitted in the last six days of the month, and a similar influx for the MSN attempt came in over the last two days, he said.
A total of 51 brands were hijacked by cybercriminals during the month, the group found. Financial services was again the most targeted industry, averaging 75 percent of all hijacked brands. ISPs faced a fair share of scams, accounting for 16 percent, according to the report.
The same template -- page layout, language and buttons -- was used in the EarthLink and MSN attempts, Jevans said. "Basically, the people who were doing EarthLink either moved over to MSN, or it was someone using a similar phishing toolkit and expanded it to include MSN," he said.
Both scams asked people for their username, password, social security number, credit card number and other personal information.
"When you have more people online, you also have more phishers," EarthLink spokesman Jerry Grasso said. "This is the time of the year that there is more fraudulent activity across all channels and people reporting it."
We also have better reporting into anti-phishing groups, so the bump we saw in November may come from sharing that information with the groups," he added.
MSN was not immediately available for comment.
The United States remained the top host country for phishing Web sites, accounting for 27 percent, the report said. China posted a rise last month, in large part due to the EarthLink and MSN sites that were hosted in that region. China represented 21 percent of phishing Web sites last month.
Talkback
Skype seem to have unwittingly got themselves caught up in a Phishing scam.
In a vain effort to improve their customer payment process for "SkypeOut", they are now directing customers to a very dubious site called moneybookers.com. This site not only wants your Card Number and security code but also insists on obtaining a mobile phone number to "activate" your payment. They do not tell you that you have to have a mobile phone either before you give them you card number and security code details or accept their terms and conditions which are not obviously available to view. Further, if you do not have access to a mobile phone, they actually ask for a photocopy of both sides of your credit card, a copy of your passport or driving licence, and a signed copy of your last statement from your credit card company.
One does not have to be a rocket scientist to figure out how much they would make if only half of the 2 million Skype customers followed this route!