The Anti-Phishing Working Group (APWG) is the global pan-industrial and law enforcement association focused on eliminating the fraud and identity theft that result from phishing, pharming and email spoofing of all types.

In the first quarter of 2008 the APWG published an excellent “Phishing Activity Trends Report“.  It provides detailed statistics that cover various aspects of how phishing activities are exponentially on the upswing. The report starts out by giving  very concrete definition of phishing being a criminal mechanism employing both social engineering and technical subterfuge to steal consumers’ personal identity data and financial account credentials. Social-engineering schemes use spoofed e-mails purporting to be from legitimate businesses and agencies to lead consumers to counterfeit websites designed to trick recipients into divulging financial data such as user names and passwords.

Some overview topics covered in the APWG report include:

Countries Hosting Phishing Sites
The United States remains is the top country hosting phishing sites due to a large majority of attacks being targeted toward United States-based companies. Russia remained in the top four of all countries throughout the period. There was an interesting drop for China in the last month, when they only rendered 3% of top countries hosting websites.

Most Targeted Industry Sectors
Financial Services continues to be the most targeted industry sector during the first quarter of 2008.  This is consistent with results since the APWG began tracking targeted industry sectors. The up tick of Government as a target in March reflects a rise in IRS-related phishing attacks or similar scams – by phishing and other media – related to the IRS-administered 2008 Economic Stimulus Refund program.

Phishing-based Trojans – Redirectors
Definition: Crimeware code which is designed with the intent of redirecting end-users’ network traffic to a location where it was not intended to go to. This includes crimeware that changes hosts files and other DNS-specific information, crimeware browser-helper objects that redirect users to fraudulent sites, and crimeware that may install a network level driver or filter to redirect users to fraudulent locations. All of these must be installed with the intention of compromising information which could lead to identify theft or other credentials being taken with criminal intent.

Phishing Email Reports
The number of unique phishing reports submitted to APWG in the first quarter of 2008 remained within a range of slightly over 5,000 unique reports. Over the quarter, reports received decreased by 12.5 percent ending at 25,630 in March, after a spike of attacks in February when the number rose to 30,716. The number at the close of the quarter is off from the high of September 2007 by 33 percent. This represents a count of unique phishing email reports received by the APWG from the general public, APWG members, and its research partners.