Few will be surprised at new figures from Netcraft showing the number of phishing URLs to have soared in 2006. But there is an alarming sting in this tail - almost half the total came in a single month, December.
According to the company, which monitors the incidence of phishing sites through its browser toolbar, the total number of sites rose from 41,000 in 2005 to 609,000 in 2006. Of these, a staggering 277,000 unique URLs were detected in December alone, with 457,000 cumulatively in the last three months of the year.
Netcraft’s explanation for the sudden surge is the emergence of phishing-creation kits known collectively as "Rockfish" (or "R11"), which automate the rapid creation of scam websites. These allow sophisticated domain management, including webs of sub-domains, as part of the battle to overwhelm anti-phishing systems with vast numbers of short-lived sites that are impossible to keep tabs on or block.
If the Netcraft statistics are anything to go by, this trend is likely to continue its acceleration in 2007, meaning that anti-phishing engineers are now facing the prospect of having to block swarms of phishing sites in real time to make any impression on the phenomenon.
Another interesting indicator is the rise in the number of companies being targeted by criminals, which reached a total of 942 during the year. The range was also noteworthy, with many companies beyond the usual banking sector now under attack, including e-commerce gateways, government websites, ISPs, and online gaming portals.
Countries heading the table of phishing site hosting were South Korea and China, but other less familiar names have started to crop up. Bizarrely, one small country, Armenia, registered three times as many phishing websites, 3,267, as it has legitimate websites, numbering 947.
There is now a small legion of anti-phishing toolbars, such as Netcraft’s, for all the popular browsers. Several studies have found fault with most of these products, though their creators would contend that they are still an essential defence.
The Netcraft Toolbar for Mozilla’s Firefox browser has been around since 2005. It now looks as if whatever else anti-phishing toolbars do, they are an important window on the evolution of phishing as a phenomenon for an industry that would otherwise be totally blind as well as defenceless.