85% of all Phishing Scams Sourced from China, Says Report

According to a newly minted report from the Anti-Phishing Workgroup, nearly 85 percent of all phishing attacks on the open Internet are launched on behalf of hackers and criminal organizations from inside the red giant, China.


Out of 22,679 malicious domain registrations reviewed by the research team, over 19,000 of them were registered in China alone, leaving little room for the next two top contenders on the list, Russia and India, respectively.

The report explains not only the makeup of the nationality of the perpetrators involved, but also goes into extensive detail about their movements, which types of scams are most popular, and where people should be most closely guarding their data as they browse around many of the more popular destinations on the web.

“The targets included more large and small banks in Latin America, India, and the Middle East. The list included diverse sites such as real estate brokerage Century21, Bitcoin wallet provider Coinbase, Irish telecom provider Eircom, office space provider Regus, antivirus vendor Norton, cloud storage provider Box, luxury brand Gucci, and FIFA (the international governing body of soccer, which was targeted during the recent World Cup).”

Luckily, the report claims that the recent introduction of gTLD domains has not automatically correlated with an increased level of attacks on customized or user-created web suffixes. Many security experts had predicted that such attacks could overtake traditional attacks by upwards of 50 percent by the end of 2014.

This shows that while most hacking outfits have been adapting to a rapidly shifting environment, many are still behind the curve when it comes to learning how to exploit the most up-to-date and innovative technologies available on the web today.

“As of this writing, the new gTLD program has not resulted in a bonanza of phishing. A few phishers experimented with new gTLD domain names, perhaps to see if anyone noticed. But most of the new gTLD domains that were used for phishing were actually on compromised web sites. Why haven’t phishers taken big advantage of the virgin name space that new gTLDs offer?”

Topping the list of classic domains affected were many of the standards you’d expect to see, including Amazon, Google, AOL and Yahoo, all of whom have done their best to circumvent the problem of phishing attacks by not only protecting their own websites, but also by buying up many of the addresses that are close to theirs and could be reached by mistake through a typo, such as “Yahooo!.com”, “Goggle”, and “AmericanOnline”.

The whitepaper notes that while attempts to bring down these types of attacks were stronger than ever, the sheer number of criminal organizations utilizing the tools has swelled far beyond the white hats’ ability to mitigate the threat on their own.

As the rate of Internet access in third and second world countries continues to swell, the few companies and threat research groups out there tasked with stemming the tide are being overwhelmed, and can only keep up with so many different facets of the problem with the limited resources they have.

In the end, it comes down to average web users to keep themselves safe, and that means a constant state of vigilance for anyone who plans to do their shopping online come this holiday season.