New Phishing Stats Reveal Rewards Programs are Gaining Popularity with Cyber Criminals

Share Article

A report released by PhishTank, the world’s largest community-powered anti-phishing effort, shows a rise in phishing sites targeting rewards programs.

OpenDNS users around the world are now prevented from accessing an additional 13,892 phishing sites.

OpenDNS, the world's largest and fastest-growing provider of Internet security and DNS services that deliver a safer, faster and more intelligent Internet experience to everyone, today announced new findings from PhishTank, the community website where anyone can submit, verify, track and share phishing data, that indicate that cyber criminals have maintained their concentration on financial institutions, social media and gaming sites, and are sharpening their focus on popular loyalty programs as well.

Of list of top 10 brands targeted by phishing criminals in January, half are banks or financial institutions. The list includes PayPal, MasterCard and JP Morgan Chase among others. Loyalty rewards programs are also becoming a more popular target for phishing, as they allow cyber criminals to not only breech personal financial data, but to leverage victims’ existing rewards points in much the same way they would currency. Two notable Brazilian loyalty programs, Cielo Fidelidade and TAM Fidelidade, made the list of January’s top ten targeted brands.

Last month we reported that cyber criminals took advantage of the holiday season by focusing their efforts on creating phishing sites to spoof financial services organizations and the travel industry. However, it seems that they’re back to their old tricks again. Social media and gaming companies are again topping the list of most popular brands as their momentum in pop culture increases. Facebook, the world’s second most popular website, climbed back to near the top of the list of most targeted brands in January to become the second most popular target for Internet bad guys.

The PhishTank community submitted nearly 20,000 phishing sites to PhishTank in January and, through a comprehensive review and evaluation process that included more than 78,000 individual votes, deemed 71 percent of those phishes valid. That means OpenDNS users around the world are now prevented from accessing an additional 13,892 phishing sites. On average, the PhishTank community was able to move suspected phishing sites through the verification process, and eliminate the threat to OpenDNS users, in just two hours.

Since PhishTank was founded in 2006, the PhishTank community has successfully verified more than 800,000 phishes. PhishTank data ensures the safety of more than 30 million OpenDNS users, who are automatically prevented from reaching phishing sites. In addition, PhishTank protects the collective millions of customers of some of the world's largest technology companies, many of which use the site's data to incorporate anti-phishing functionality into their services. More information, statistics and graphics related to January PhishTank findings can be found here:

About OpenDNS

OpenDNS is the world's leading provider of Internet security and DNS services, enabling the world to connect to the Internet with confidence on any device, anywhere, any time. OpenDNS provides millions of businesses, schools and households with a safer, faster and more intelligent Internet experience by protecting them from malicious Web threats and providing them control over how users navigate the Internet, while dramatically increasing the network's overall performance and reliability. For more information about OpenDNS, please visit:

About PhishTank

PhishTank is operated by OpenDNS and is the first and only effort of its kind. Launched in October 2006 to coincide with National Cyber Security Awareness Month, the site employs a sophisticated voting system that requires the community to vote "phish" or "not phish," reducing the possibility of false positives and improving the overall breadth and coverage of the phishing data. PhishTank makes all phishing data it accumulates public and available via programmable APIs, which allow other software developers to incorporate the anti-phishing data into their tools. The open access is intended to encourage the sharing of information and increase the chance of eliminating phishing all together. For more information about PhishTank, please visit:


Share article on social media or email:

View article via:

Pdf Print

Contact Author

Allison Rhodes
Email >
Visit website