14 DAY TRIAL // After the number of phishing attacks drastically declined by 45% in August, the trend continued during September according to Symantec. United States remains the country hosting the most phishing sites, which increased in number due to a lower usage of automated toolkits.
Symantec's State of Phishing monthly report (PDF) claims a 5% decrease in all phishing attacks during last month. This is consistent with a decreasing trend observed in recent months, but is also accompanied by a significant drop of 21% in the number of attacks generated using specialized phishing toolkits. This type of schemes now account for only 25% percent of all attacks.
However, the decrease in the use of automated toolkits, which use various sub-domains for different attacks, has led to a spike in the number of unique phishing sites. According to Symantec, 75% of all phishing schemes last month used unique websites and targeted more than 222 brands together.
An increasing trend of using IP addresses in the URL instead of domain names has also been observed. "This is a tactic employed to hide the actual fake domain name that otherwise can easily be noticed. As many banks use IP addresses in their website URLs, this establishes a precedent that spammers can follow as it raises less suspicion," the Symantec researchers explain.
Abusing free Web hosting services remains a frequently used strategy as it significantly reduces the costs and technical knowledge required to launch a phishing attack. A number of 2,237 phishing schemes that targeted over 79 brands were found to be hosted on 110 such services.
The financial sector remains the most affected one, being targeted by 82% of last month's phishing schemes. The Information Services is in second place attracting 17% of attacks. The banking brands in United States, United Kingdom and Italy were the most attacked ones during September, while phishing attacks in China targeted predominantly e-commerce brands.
When it comes to the origin of phishing URLs, US is responsible for hosting 35% of them. The second place is surprisingly occupied by South Korea with 5% of phishing sites. Russia, Poland and Germany complete the top 5 with 4% each.