APWG Report: Phishers Shift to Target Online Game Players
April 2013 by APWG
The APWG reports in its Q4 2012 Phishing Activity Trends Report this week that phishing attacks against online game players saw a massive increase, climbing from 2.7 percent of all phishing attacks in Q3 to 14.7 percent in Q4.
“The success of the sector and the richness of in-game commerce options available in online game systems has attracted the attention of phishers who’ve had a decade to hone their skills against online banking and commerce systems. Playing safe is an important today as playing fair,” said APWG Secretary General Peter Cassidy.
Attacks against social media sites doubled to 6 percent, up from 3 percent in Q3. Financial services continued to be the most-targeted industry sector in the fourth quarter, with payment services close behind, the report found.
Online gaming credentials are valuable to certain criminals, who sell them on the black market. In-game items held in those accounts can also be sold by phishers for real-world cash. Depending upon how much information is revealed, the victims can even have their real-life identities stolen.
Overall the APWG’s statistics show that the number of phishing sites declined every month from April 2012 through December 2012. In Q4, the APWG received reports of 51,232 unique phishing sites in October, falling to 28,195 in December. This and other statistics reveal that criminals are relying less on pure social engineering scams such as classic phishing based on social engineering schemes. Instead, there is increased emphasis on deploying crimeware – malware designed to steal the user’s credentials automatically and placing them in the phisher’s control.
Trojans continue to account for about three-quarters of all newly detected crimeware threats. The penetration of malware payloads is also high. According to APWG contributor Luis Corrons of PandaLabs, during Q4 about 30 percent of personal computers worldwide were infected with malware. More than 57 percent of PCs in China may have been infected, while PCs in European nations were infected least-often.
“These shifts are due to fraudsters using more advanced phishing techniques, such as geo-IP blocking and malware,” said Ihab Shraim, Chief Information Security Officer and VP, Anti-Fraud Engineering & Operations at MarkMonitor. “Phishers are also taking advantage of the availability of non-traditional platforms such as social media and mobile to launch newer types of targeted phishing attacks.”
The full text of the report is available here: http://docs.apwg.org/reports/apwg_t...