'Phishing' attacks rocket in November

EarthLink and MSN were hard hit by the 29 percent increase in fraud, according to a new report.

Dawn Kawamoto
Dawn Kawamoto Former Staff writer, CNET News
Dawn Kawamoto covered enterprise security and financial news relating to technology for CNET News.
2 min read
Fraudsters ramped up "phishing" attacks by 29 percent in November, according to a new report.

The number of phishing sites, or fake Web sites set up to fool victims into handing over personal information, reached 1,518 last month, the Anti-Phishing Working Group said in a report released on Wednesday. The total was up almost a third over October and three times the level in September.

Internet service providers EarthLink and MSN, owned by Microsoft, were the focus of particularly heavy attack, the trade group said.

"EarthLink and MSN came up quickly in the stats for November," said David Jevans, chairman of the Anti-Phishing Working Group. Hundreds of reports of an EarthLink phishing scam were submitted in the last six days of the month, and a similar influx for the MSN attempt came in over the last two days, he said.

A total of 51 brands were hijacked by cybercriminals during the month, the group found. Financial services was again the most targeted industry, averaging 75 percent of all hijacked brands. ISPs faced a fair share of scams, accounting for 16 percent, according to the report.

The same template--page layout, language and buttons--was used in the EarthLink and MSN attempts, Jevans said. "Basically, the people who were doing EarthLink either moved over to MSN, or it was someone using a similar phishing toolkit and expanded it to include MSN," he said.

Both scams asked people for their username, password, social security number, credit card number and other personal information.

"When you have more people online, you also have more phishers," EarthLink spokesman Jerry Grasso said. "This is the time of the year that there is more fraudulent activity across all channels and people reporting it."

We also have better reporting into antiphishing groups, so the bump we saw in November may come from sharing that information with the groups," he added.

MSN was not immediately available for comment.

The United States remained the top host country for phishing Web sites, accounting for 27 percent, the report said. China posted a rise last month, in large part due to the EarthLink and MSN sites that were hosted in that region. China represented 21 percent of phishing Web sites last month.