This comprehensive survey by APWG from the first half of 2013 provides an in depth overview of Phising tactics and their respective statistics. The report focuses on phishing attacks targeting the general public.
It is interesting to note that the average uptimes of phishing attacks are climbing, up from the historic lows seen in early 2012, to 44 hours and 39 minutes. The “uptimes” or “live” times of phishing attacks are a vital measure of how damaging phishing attacks are, and are a measure of the success of mitigation efforts. The first day of a phishing attack is the most lucrative for the phisher, so quick take-downs are essential.
The survey also indicates that the favorite service for phishers to abuse in 1H2013 was UNONIC, where at least 865 malicious sub-domains were spotted. This service has not previously been noticed as a major source of malicious subdomains, showing that phishers will take advantage of any service they find vulnerable. This German company provides “free” registration services and has many different sub domains. The service has a very professional website and a “Report Abuse” feature, so it should worry us all that it has abused so heavily in the first half of 2013. This may indicate that this service’s “up-front” preventative processes aren’t deterring phishers and therefore other layers of cyber security must be deployed.