The amount of time phishing websites remain online has dropped 25 percent over the last year, according to a new survey by the Anti-Phishing Work Group (APWG).
The APWG says uptimes are a critical measure of how damaging phishing attacks are and the longer a phishing attack remains active, the more harm it causes consumers. The decrease signals collective progress is being made by the parties that fight phishing, and may be due to improved polices at Internet service providers, brand holders, domain name registrars, and private Internet security providers.
The “Global Phishing Survey: Trends and Domain Name Use in 1H2009” found that phishing website longevity dropped to an average of 39 hours in the first half of 2009, down from an average of 52 hours in the second half of 2008.
“We’re pleased to see that phishing site lifetimes are being positively affected,” said Rod Rasmussen, co-author of the study and CTO of Internet Identity.
“In particular, the survey demonstrates how anti-abuse programs at domain registries can have an immediate impact on the problem.”
The survey also found that a single criminal syndicate called “Avalanche” was responsible for nearly one quarter of all phishing attacks in the first half of 2009. Indications are that the group is continuing to claim a larger proportion of all detected phishing attacks.
“The results show that on the Internet, action and involvement by responsible parties can really help Internet users,” said Greg Aaron, co-author and Director of Domain Security at Afilias.
“When everyone takes responsibility and does their part to make it a safer place, good things happen. We think that is what we are seeing in the results of this study, and we’d all like to see more.”
