New Phishing Stats Reveal Criminals Targeted Travel and Credit Card Brands during December

Share Article

A report released by PhishTank, the world’s largest community-powered anti-phishing effort, shows a surge in phishing sites targeting Visa, MasterCard and Airlines Rewards Programs during the holiday spending season.

News Image

OpenDNS runs PhishTank

PhishTank data ensures the safety of more than 30 million OpenDNS users

OpenDNS, the world's largest and fastest-growing provider of Internet security and DNS services that deliver a safer, faster and more intelligent Internet experience to everyone, today announced new findings from PhishTank, the community website where anyone can submit, verify, track and share phishing data, that indicate cyber criminals have taken advantage of increased travel and spending volume during December by sharpening their focus on spoofing airlines and financial services.

Among the most spoofed brands in December were PayPal, Visa, MasterCard, Santander and other financial services organizations. Targeting these companies is a shrewd move by cyber criminals as credit card spending increased 7 percent in December according to First Data, an organization that tracks consumer spending.

A target gaining popularity with phishers is Latin America’s largest Airline, TAM, and its rewards program TAM Fidelidade. The airline, which served more than 34.5 million passengers in 2010 and continues to show year over year growth, was the target of more than 400 verified phishing sites in December. Cyber criminals target rapidly growing brands such as TAM Airlines since there is a high probability that email recipients will have previously engaged with or purchased from the organization’s legitimate site and be more likely to click on links embedded in phishing emails when a prior relationship exists.

Gaming also continues to be a top target for Internet bad guys as two notable companies responsible for popular social gaming sites made the list of December’s top ten most targeted organizations. Sulake Corporation, the parent company of the tremendously popular social entertainment site, was December’s second most targeted brand while World of Warcraft also made the list as December’s tenth most spoofed brand.

The PhishTank community, made up of hundreds of thousands of volunteers and skilled moderators who are devoted to fundamentally improving Internet security, is able to quickly and accurately vote and verify phishes. On average, phishes submitted to PhishTank are verified and blocked in only a few hours. The PhishTank community also has a high level of accuracy in identifying likely phishes and submitting them for verification. The community and its expert moderators only deemed 5.9 percent of phishes submitted in December as invalid.

Since PhishTank was founded in 2006, the PhishTank community has successfully verified more than three quarters of a million phishes. PhishTank data ensures the safety of more than 30 million OpenDNS users, who are automatically prevented from reaching phishing sites. In addition, PhishTank protects the collective millions of customers of some of the world's largest technology companies, many of which use the site's data to incorporate anti-phishing functionality into their services. More information, statistics and graphics related to December PhishTank findings can be found here:

About OpenDNS
OpenDNS is the world's leading provider of Internet security and DNS services, enabling the world to connect to the Internet with confidence on any device, anywhere, any time. OpenDNS provides millions of businesses, schools and households with a safer, faster and more intelligent Internet experience by protecting them from malicious Web threats and providing them control over how users navigate the Internet, while dramatically increasing the network's overall performance and reliability. For more information about OpenDNS, please visit:

About PhishTank
PhishTank is operated by OpenDNS and is the first and only effort of its kind. Launched in October 2006 to coincide with National Cyber Security Awareness Month, the site employs a sophisticated voting system that requires the community to vote "phish" or "not phish," reducing the possibility of false positives and improving the overall breadth and coverage of the phishing data. PhishTank makes all phishing data it accumulates public and available via programmable APIs, which allow other software developers to incorporate the anti-phishing data into their tools. The open access is intended to encourage the sharing of information and increase the chance of eliminating phishing all together. For more information about PhishTank, please visit:


Share article on social media or email:

View article via:

Pdf Print

Contact Author

Allison Rhodes
Email >
Visit website