The State of Phishing

Over the last three years, the Anti-Phishing Working Group's semiannual Global Phishing Survey has become a widely cited source of information about the state of phishing and its place in the Internet landscape. Afilias' Director of Domain Security, Greg Aaron, has been co-authoring these reports with Rod Rasmussen of Internet Identity, with the goal of showing the community what phishers are doing and how anti-abuse measures are effective. The newly published edition of the report highlights how criminals have utilized the domain name space, but offers good news about how the domain name community has helped diminish the effects of some very dangerous phishing. It's an encouraging success story.

The new Global Phishing Survey reveals that in the second half of 2009, the Avalanche phishing gang perpetrated two-thirds of all phishing attacks on the Internet! This criminal entity utilizes a botnet composed of consumer-level computers to host both its phishing and its malware. By running its own distributed, illegal hosting, the gang tries to make its phishing "bullet-proof" — resistant to take-down because there's no traditional hosting provider to call. But such phishing can be stopped by suspending the domain names. Fortunately, we saw a number of domain name registrars and registries shut down Avalanche phishing in an increasingly effective fashion, often neutralizing the phishers' technical advantage.

In the second half of 2009, we saw Avalanche register 4,141 domain names in various TLDs and host up to 40 separate attacks on each domain. Avalanche prefers to register domains at registrars that react slowly (or not at all) to abuse reports and/or have weak fraud-detection routines. Similarly, Avalanche prefers TLDs where the registry operators do not have effective anti-abuse policies and procedures to help the registrars and provide swift action when needed. Unfortunately, we saw Avalanche victimize certain registrars and TLDs over and over again.

Avalanche and similar threats have prompted many industry members to adopt best practices to fight phishing and other criminal abuses. Afilias adopted its .INFO Anti-Abuse Policy in 2007, defining what constitutes abusive use, and reiterating the registry's right to take action. Registrars also have terms of service in their registration agreements, and those terms prohibit illegal activities and allow the registrars to suspend domain names at their discretion. In practice, Afilias monitors for phishing and other problems in the .INFO space, and communicates abuse reports and documentation to its registrars. The registrars examine the reports and work on mitigation as they feel appropriate. On occasion Afilias will also suspend domains directly, especially to stop large-scale abuse in a timely fashion. This kind of cooperation and information-sharing is adaptable and effective, and it allows registrars and registries to put good processes in place and manage risk appropriately. On a daily basis, it saves thousands of Internet users from becoming victims.

The 2009 data shows that Avalanche phish stayed up for less than half as long as other phish — a great result. How did it happen? First, the entire response community concentrated attention on Avalanche, pushing phishing attack alerts to each other. That response community includes the banks and online services targeted by the phishers, security companies and researchers, registries, and registrars. Second, a number of registrars and registries took quick action, looking for Avalanche domains and killing them through the summer and fall of 2009. Education and data sharing clearly helped. In November 2009, members of the security community shut down Avalanche's infrastructure for a week. After re-establishing its operations, Avalanche kept registering domains, but launched fewer attacks. Avalanche attacks decreased from 26,411 in October 2009 to just 59 in April 2010. We'll continue to monitor Avalanche, but it appears that overall, the domain industry may be more prepared for whatever comes next.

The median up-time for all phishing attacks on the Internet has fallen remarkably over the past two years, from 19 hours 30 minutes in early 2008 to 11 hours 44 minutes in the second half of 2009. The falling times point to improved awareness, responsiveness, and detection across the board. Here at Afilias, our policies and procedures have dissuaded phishers like Avalanche from registering .INFO domains, and non-Avalanche phish in .INFO stayed alive for less than half the industry average.

The results above emphasize the effectiveness of best practices and processes. Domain industry players are becoming increasingly sophisticated about e-crime, and can greatly improve the safety of the Internet for everyone.

To see all the details, please read the new APWG report (PDF).

Written by Ram Mohan, Executive Vice President & CTO, Afilias

About Afilias

Afilias is the world's second largest domain registry, with more than 20 million names under management. Afilias powers a greater variety of top-level domains than any other provider, and will soon support hundreds of new TLDs now preparing for launch. Afilias' specialized technology makes Internet addresses more accessible and useful through a wide range of applications, including Internet domain registry services, Managed DNS and mobile Web services like goMobi® and DeviceAtlas®.
