Phishing boom in China bucks global trends

Filed Under: Featured, Phishing

Fish. Image courtesy of Shutterstock.There's been a sharp upturn in the numbers of phishing pages, with the majority of them hosted in China and targeting Chinese victims and sites.

That's according to analysis of world phishing trends from the Anti-Phishing Working Group (APWG).

The APWG report, covering the second half of 2013, finds over 82,000 unique domain names were used in phishing scams, up from under 54,000 for the first half of the year.

That's an increase of just over 50%. For comparison, the total number of domains on register increased by only 4% in the same period, to 271 million.

When the APWG released its data for the first quarter of last year, it seemed as though phishing was on the decline, at least as a method of scamming people en masse, with those previously engaged in bulk phishing turning their hands to more targeted techniques instead.

The data from the second half of the year is heavily dominated by what seems to be a phishing boom in China.

The growth in Chinese phishing is reflected in a major increase in sites which seem to be set up solely for the purposes of phishing.

More than 1 in 4 scam sites noted in the report take this form, over 22,000 in total, almost double the figure for the first half of the year and the highest figure recorded in the 7 years since the APWG started studying such data.

Most phishing sites make use of pre-existing legitimate domains hijacked for phishing purposes, particularly hosting services where large numbers of sites can be compromised with a single hack on a shared virtual server, but in this recent boom in China it seems that the preferred technique is to make use of cheap or free domain services.

Many such services use the top-level domains (TLDs) of micro-states such as Tokelau, a Pacific island territory of New Zealand whose .tk domain was used for 22% of all sites thought to have been registered by phishers, behind .com of course but well ahead of all others.

The APWG estimates that 85% of such domains, registered specifically to be used for phishing purposes, were set up by Chinese phishers and targeted Chinese sites, including popular online marketplaces such as Taobao and Alibaba as well as many Chinese banks.

China. Image courtesy of Shutterstock.China is clearly a massive market for phishing scams. As the nation's economy continues to dominate the world, the internet is steadily penetrating to more and more of its huge population.

The number of Chinese people with access to the web grew from around 591 million in mid-2012 to an estimated 618 million by the end of 2013, with 81% connecting via mobile devices.

Those mobiles may have received as many as 300 billion spam messages in the past year. Many of those will doubtless have been trying to direct new victims to the hordes of phishing sites being set up to target Chinese consumers.

Better news is also to be found in the APWG study, including continuing indications that we are getting better at spotting and taking down suspect sites - the average uptime was less than 29 hours, and half of all phishing sites were offline within 8 hours.

The report also includes a wealth of data on other aspects of the phishing problem, including the use of URL shortening services and the distribution of brands being targeted.

It seems fairly certain that phishing isn't going to go away any time soon.

As long as humans are easily taken in by social engineering techniques, the APWG and others working in this area should have their work cut out for them for some time to come.


Images of fish and China courtesy of Shutterstock.

, ,

You might like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

John Hawes is Chief of Operations at Virus Bulletin, running independent anti-malware testing there since 2006. With over a decade of experience testing security products, John was elected to the board of directors of the Anti-Malware Testing Standards Organisation (AMTSO) in 2011.