E-crime gangs now use classified ads for phishing activities

The online classified advertisement services sector has been increasingly exploited as a phishing attack vector by ecrime gangs, a trend confirmed by the growth of attacks abusing classified companies in the first half of 2010, accounting for 6.6% of phishing attacks in Q2 2010 alone, according to the APWG’s Phishing Activity Trends Report.
 
“The classifieds sector grew 142% from the previous quarter and over 91,000% from the comparable quarter a year ago. This sudden growth may have been due to Auction sector phishing resources shifting over to the classifieds sector.”
 
Though the online payment services sector remained the most targeted industry with 38% of detected attacks in Q2, up from 37% in Q1, the classified advertisement services sector exhibited the most rapid growth in phishing attacks of all sectors in the half.
 
“The classifieds sector grew 142% from the previous quarter and over 91,000% from the comparable quarter [Q1] a year ago. This sudden growth may have been due to auction sector phishing resources shifting over to the classifieds sector,” said Ihab Shraim, MarkMonitor’s Chief Security Officer and Trends Report contributing analyst.
 
Classified advertisement websites for person-to-person trading, job postings, personals ads and other kinds of online commerce and culture offer ecrime gangs rich contexts for casting false scenarios to trick consumers into giving up funds or financial data that can be used for fraud, or even to draft them as unwitting accomplices into their criminal enterprises such as working as money mules.
 
Meanwhile, the growth of detected samples of rogueware — malicious crimeware disguised as anti-virus or anti-spyware software — rose some 13% from quarter to quarter, up from 183,781 in Q1 to 207,322 in Q2, 2010.