US hosts the largest # of phishing sites; 7 tips to protect your data
The United States still hosts more web sites phishing for people’s private information than any other country.
The top countries are:
- USA – 25.17%
- China – 10.16%
- Republic of Korea – 9.5%
- France – 4.43%
- Germany – 4.1%
- Japan – 3.02%
- Russia – 2.34%
antiphishing.org published the following statistics for February 2007:
- Number of unique phishing reports received in February: 23610
- Number of unique phishing sites received in February: 16463
- Number of brands hijacked by phishing campaigns in February: 135
- Number of brands comprising the top 80% of phishing campaigns in February: 14
- Country hosting the most phishing websites in February: United States
- Contain some form of target name in URL: 25.4%
- No hostname, just IP address: 17%
- Percentage of sites not using port 80: 2.5%
- Average time online for site: 4 days
- Longest time online for site: 30 days
Financial Services is the most targeted industry sector, at 92.6%, according to antiphishing.org.
The top Identified Targets are:
| # | Top 10 Identified Targets | Valid Phishes |
| --- | --- | --- |
| 1 | PayPal | 1,493 |
| 2 | eBay, Inc. | 1,210 |
| 3 | Barclays Bank PLC | 321 |
| 4 | Fifth Third Bank | 203 |
| 5 | Volksbanken Raiffeisenbanken | 191 |
| 6 | Bank of America Corporation | 188 |
| 7 | Wells Fargo | 133 |
| 8 | Key Bank | 111 |
| 9 | JPMorgan Chase and Co. | 104 |
| 10 | Citibank | 48 |
The bigger question is… What do we do? And how do we protect ourselves?
7 tips to protect yourself from phishing:
1. Awareness – be aware of the typical types of phishing web sites. Most use port 80 and are not secure: there is no LOCK in your web browser showing that SSL (Secure Sockets Layer) is being used to guarantee the safety of your data.
2. Educate yourself and your office staff on how to determine if an email is a phishing email. Most have very similar characteristics.
3. Keep your web browser and operating system up to date, and check regularly for updates and patches.
4. Review Credit Card and Bank Statements on a regular basis. Look for and report anything that seems suspicious.
5. Report phishing emails. You can go to phishtank.com or antiphishing.org to report the abusive emails.
6. Report the abusive emails to your IT (Information Technology) department. This way they can also notify the appropriate people.
7. Report the abuse to the targeted company. I recently received a phishing email that took me to a site that looked like PayPal’s web site. I knew that it was a phishing email, but I needed to capture the URL (Web Address) to report to PayPal. Most companies have a way to report phishing abuse. The targeted company then goes after the offending web site.
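
The URL traits in the February 2007 list (target name in the URL, an IP address instead of a hostname, a port other than the default) and the missing-SSL point from tip 1 can be checked before anyone clicks a link. The following is an added example, not part of the original post; the function name `url_flags`, the flag names and the small brand watch list are assumptions made for illustration, and the sample URLs are constructed.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed watch list (assumption): brand keyword -> domains the brand really uses.
BRANDS = {"paypal": {"paypal.com"}, "ebay": {"ebay.com"}}

def url_flags(url, brands=BRANDS):
    """Return the set of phishing traits from the list above that this URL shows."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    flags = set()
    # Tip 1: no SSL means no lock icon in the browser.
    if parts.scheme != "https":
        flags.add("no-ssl")
    # "No hostname, just IP address"
    try:
        ipaddress.ip_address(host)
        flags.add("ip-host")
    except ValueError:
        pass  # a normal DNS name
    # "Sites not using port 80" (443 is the default once SSL is in use)
    try:
        port = parts.port
    except ValueError:  # port is not a number or is out of range
        flags.add("invalid-port")
        port = None
    if port is not None and port != {"http": 80, "https": 443}.get(parts.scheme):
        flags.add("non-default-port")
    # "Some form of target name in URL": brand keyword on a host the brand does not own
    text = host + parts.path.lower()
    for brand, domains in brands.items():
        owned = any(host == d or host.endswith("." + d) for d in domains)
        if brand in text and not owned:
            flags.add("brand-in-url:" + brand)
    return flags

if __name__ == "__main__":
    samples = [  # constructed URLs using documentation-only addresses and names
        "https://www.paypal.com/signin",
        "http://203.0.113.7:8080/paypal/login.html",
        "http://paypal.com.account-verify.example/",
    ]
    for s in samples:
        print(s, sorted(url_flags(s)))
```

An empty result is not proof that a site is legitimate; the flags only rank which links deserve a closer look before they are reported.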


