Over 18,000 PayPal Phishing Websites Identified in December 2012
Trend Micro details how many malicious sites were spotted last month
Phishing websites, ones created by cybercriminals to harvest sensitive information from unsuspecting users, have become highly problematic lately. Because they’re so effective, crooks have launched a considerable number of sites that replicate popular companies. For instance, according to a study performed by Trend Micro for December 2012, a total of 18,947 phishing websites have been found to replicate PayPal.
While some of the fake sites are merely designed to trick users into logging in and handing over their usernames and passwords to the phishers, others are created to serve pieces of malware capable of harvesting sensitive information from the computers they infect.
One particular piece of malware, TROJ_QHOST.EQ, has already infected the devices of internauts from Taiwan, Thailand and the United States.
Besides PayPal phishing sites, researchers have also discovered 2,000 bogus Wells Fargo websites, around 1,600 Visa and Citibank websites, and 1,477 Bank of America sites.
Several fake Citibank websites have been found to use the BlackHole exploit kit to push the Cridex worm, a malicious element that specializes in stealing online banking credentials. In December 2012, WORM_CRIDEX.CTS infected around 277 systems, most of which belonged to users from the US.
The sites of banks and payment processors aren’t the only ones targeted by phishers. Cybercriminals have also launched AOL, Yahoo, Hotmail and Gmail phishing websites.
Interestingly, when it comes to online shopping, auction and deal-of-the-day sites, the most popular target for phishers appears to be China-based Taobao (1,691), followed by eBay, Amazon, Alibaba and Littlewoods.
Trend Micro has recorded a considerable increase in the number of phishing attacks leveraging the names of Danish e-payment company Nets Group, and real estate firm Remax.
Experts advise users who access their accounts from their mobile phones to be extra cautious. In many cases, since they can’t see the complete URL of a website, they can be easily tricked into thinking that they’re on the genuine site (see screenshot).