The number of phishing web URLs nearly tripled from March to April, a security group said, as cybercriminals returned to a late-2006 tactic designed to do an end run around browser-based anti-phishing filters.
In one month, the number of unique sites soared 166%, from 20,871 in March to 55,643 in April, said the Anti-Phishing Working Group (APWG), an association of more than 1,600 companies and government agencies.
"They're trying to overwhelm the filtering mechanisms" in browsers and anti-phishing toolbars, said Peter Cassidy, the secretary general of the APWG, "by using many, many URLs, some which may resolve to the very same phishing site".
Phishers using the tactic don't register any more domains than usual but simply craft unique URLs by randomising the subdomain to create new addresses.
"The idea is to come up with unique URLs that have not been reported and end-running the filters," Cassidy said. Both Microsoft's Internet Explorer and Mozilla's Firefox rely on blacklists – lists of previously reported phishing URLs – to warn users that they may be about to visit a dangerous site.
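The following Python sketch is an added illustration, not code from the APWG report or from either browser. It shows why an exact-URL blacklist misses a freshly randomised subdomain, and how a defender can collapse reports to the registered domain instead. The function names, the three-hostname threshold, the tiny suffix list and all sample URLs are constructed assumptions.

```python
import ipaddress
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed, deliberately tiny list; real code should load the full Public Suffix List.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au"}

def registrable_domain(url):
    """Return the registered domain of a URL's host (the host itself for IP literals)."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    try:
        ipaddress.ip_address(host)
        return host
    except ValueError:
        pass
    labels = host.split(".")
    keep = 3 if ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES else 2
    return ".".join(labels[-keep:])

def build_domain_rules(reported_urls, min_hosts=3):
    """Promote a domain to a blanket rule once min_hosts distinct hostnames under it are reported.
    The threshold (an assumption) keeps one bad page on a shared host from blocking every customer."""
    hosts = defaultdict(set)
    for url in reported_urls:
        hosts[registrable_domain(url)].add(urlsplit(url).hostname)
    return {domain for domain, seen in hosts.items() if len(seen) >= min_hosts}

def is_blocked(url, exact_blacklist, domain_rules):
    """Block on an exact URL match or on a promoted registered-domain rule."""
    return url in exact_blacklist or registrable_domain(url) in domain_rules

# Constructed reports: three random subdomains of one domain, plus one page on a shared host.
REPORTED = [
    "http://a8f3k2.secure-update.test/login",
    "http://q9z1xx.secure-update.test/login",
    "http://m4c7d0.secure-update.test/login",
    "http://user123.freehost.example/bank.html",
]
FRESH = "http://zz91ab.secure-update.test/login"  # same site, never reported before

if __name__ == "__main__":
    rules = build_domain_rules(REPORTED)
    print("exact-match hit:", FRESH in set(REPORTED))
    print("domain rules:", rules)
    print("blocked with domain rules:", is_blocked(FRESH, set(REPORTED), rules))
```

Counting by registered domain rather than by URL also shows how many distinct sites sit behind a surge in unique URLs.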
Cassidy saw a silver lining in the surge. "It's a good sign. It's a sign that [phishers] are working harder," he said. "Vulnerable points of the technology that can be abused are slowly closed as protocols and systems are improved." Backing his claim was other data collected by the APWG that pegged the number of unique phishing email campaigns at 23,656 during April, down from March's 24,853.
The APWG's report can be viewed at the group's website.