'Avalanche' Gang Blamed for Most Online Phishing Attacks

An eastern European phishing gang named 'Avalanche' has been blamed for about two thirds of all phishing attacks during the last half of 2009 according to a new report released by the Anti-Phishing Working Group (APWG).

Phishing, as you may already know, is the act of fraudulently attempting to obtain sensitive information from computer users such as passwords, usernames, credit card numbers and even social security numbers. Phishing is a tactic that dates back to the late 80's and later officially named 'Phishing' in 1996. Since then phishing attacks have been the brunt of identity theft in the past years and even today. The recent discovery of the Avalanche gang being responsible for about two thirds of phishing attacks during the last half of 2009 is an astonishing revelation of one of many current phishing sources.

After the popular Rock Phish Phishing group ceased to exist in 2008, the eastern European Avalanche phishing gang then popped up in late 2008. We suspect that Avalanche is a spin-off of Rock Phish which was also run out of an eastern European country.

So far the Avalanche phishing gang has targeted major banks located in the U.S. and U.K. and large online providers such as Google and Yahoo. Altogether APWG has noted that about 40 major institutions have been targeted by Avalanche so far.

Last years' phishing attacks more than doubled during the last portion of 2009, which could be a clear indication that Avalanche was the culprit of this massive increase from what APWG's report indicates. Other studies showed that young internet users were the most vulnerable to online phishing attacks, a viable target for phishing groups such as Avalanche.

How was Avalanche able to account for two thirds of phishing attacks in the last half of 2009? Basically, Avalanche was able to ramp-up their efforts because of the large quantity of attacks generated by automated tools they used and may have created. Fortunately, for security researchers and those fighting phishing attacks, such as APWG, they are able to track new domains created by phishing groups and seek them out through the registrars. This process has been used successfully taking down phishing domains within a matter of two days time or less. The only fear is the Avalanche group will increase their efforts while the phishing attacks have slowed down currently.

When was the last time that you discovered a phishing website? Has your online accounts been compromised by a phishing attack or have you taken action to protect your identity online?