Some interesting analysis was presented by Pat Cain at the FIRST conference on trends from APWG (Anti-Phishing Working Group) data, including their six-monthly surveys of domain names used in phishing campaigns.
There is evidence that concerted campaigns against phishing can be effective – the .hk domain used to be one of the most commonly used but is no longer in the top 10. However, government policies can also have unintended effects: for example, one country that requires any recipient of public funds to have a website now has a high proportion of compromised servers hosting phishing campaigns.
Trends are a better measure than single statistics, since a single phishing campaign (or the compromise of a registrar) can generate sufficient fake registrations to significantly alter a country’s registration figures. For example, trends indicate that action to take down or block phishing domains has had the effect of making criminals change their tactics: free hosting sites used to be popular locations for phishing pages, but as these got better at handling notifications the pages moved instead to cheap hosting sites (paid for with stolen credit cards) or compromised hosts. As browsers get better blocking tools, victims are increasingly asked to e-mail or phone their card details, or even to upload forms to document sharing or survey systems.
In many ways phishing is showing the same trends as other types of eCrime, so APWG are investigating a more general classification of threats that countries or networks can use to benchmark themselves against aggregated global or regional statistics.