Hackers compromise legitimate websites for phishing schemes

October 25, 2012

Phishing attacks have become one of the most popular techniques employed by hackers to obtain confidential information, including credit card numbers and account passwords. Usually spread through email, more cybercriminals are choosing to compromise websites to target more people at once, which serves as a reminder for internet users to take network security precautions.

Reports of phishing websites increase
According to The Global Phishing Survey: Trends and Domain Name Use, conducted by the Anti Phishing Working Group (APWG), more hackers are stealing from consumers via real websites, Help Net Security reported. The study found a 12 percent increase in the number of phishing websites between the last half of 2011 and the first half of 2012 - there have now been 93,462 cases of of phishing attacks.

Despite the rise in phishing threats, the report showed that the time a compromised website was live online - also known as uptime - decreased in the first six months of this year, according to the source. Phishing sites today have an average uptime of 23 hours and 10 minutes, which experts have declared a new record low. The uptime is used to measure the damage caused by a phishing attack, and can determine how successful an organization was at containing the problem. If a bad site were live for a longer period, cybercriminals could victimize more people to gain money.

The study also determined a new tactic that phishers are taking to affect users. According to the source, cybercriminals are focusing their energy on shared servers, where a number of domains are stored in order to infect hundreds of websites at a time. Many of the sites are also companies that people trust, which is why it is more likely that someone who clicks a link may accidentally infect his or her computer.

Ensure data security from phishing attempts
Because of the rise in sophisticated phishing reports, it is more difficult for people to recognize if or when they are a victim of an attack. To ensure data protection, users must install antivirus and security software to monitor their networks and block any threats. People should also educate themselves on security to learn about ways to prevent data from being stolen. Consumers should avoid clicking on suspicious links and attachments unless they are positive whom a correspondence came from, or where it may lead.

-McAfee Cloud Security