Hackers continued their buoyant number of phishing attacks in April and are increasingly focusing their efforts on e-commerce companies, experts warn.
The Anti-phishing Working Group (APWG) that it received 14,411 reports of phishing attacks in April, underscored by a significant spike in attacks over the first week in April.
In total, the APWG reported 2,854 active phishing sites in April, slightly down from the 2,870 recorded in March, but the figure still highlights a continuing trend of slight growth in attacks during 2005 compared to past years, the APWG said.
The average monthly growth rate in phishing sites through April has been 15%, the APWG reported.
Phishing is the fraudulent acquisition, through deception, of sensitive personal information, such as passwords and credit card details, by hackers masquerading as a trustworthy organisation with a real need for such information.
Hackers, as well, are modifying their methods by steering clear of popular and large institutions and shifting to e-commerce companies.
"One of the things we have noticed is a trend where hackers are modifying their attack methods by shifting away from mimicking large financial organisations and are now focusing on global e-commerce companies," said Mark Murtagh of Websense Security Labs.
"As phishers try to further disguise their scam attempts to trick end users, there has been a fall in the number of sites that contain no domain name," he added.
"This has been falling over the past three months, and the strongest decrease was in April, where it hit 11%. Cousin URLs (domain names which look similar to an actual domain name) are being used to give the impression of legitimacy."
Some 79 brands were hijacked by phishing campaigns in April, of which seven constituted 80% of the month's attacks. Some 37% of attacks featured solely an IP address without a hostname, and 33% contained some form of a target name in the URL, the APWG reported.
