ATLAS Summary Report: Global Phishing

Summary Report

Global Phishing

View:
Brand Summary
Servers

Output:
Print
XML
CSV

Brand Summary (past 24 hours)

Brand Name	Phished URLs	Percentage
eBay	3755	3.3%
PayPal	2508	2.2%
Halifax Bank	222	0.2%
JP Morgan Chase	179	0.2%
Bank of America	132	0.1%
CitiCorp	129	0.1%
Barclays Bank	84	0.1%
Fifth Third Bank	65	0.1%
Wells Fargo	41	0.0%
Visa	22	0.0%
Other	108104	93.8%

Servers (past 24 hours)

By Country

Country	Phishing URLs hosted	Percentage
US (United States)	24911	21.6%
IL (Israel)	15637	13.6%
NL (Netherlands)	14716	12.8%
RO (Romania)	13562	11.8%
PL (Poland)	7171	6.2%
KR (South Korea)	6799	5.9%
JP (Japan)	4927	4.3%
LT (Lithuania)	4632	4.0%
CA (Canada)	2268	2.0%
DE (Germany)	2153	1.9%
Other	18465	16.0%

By ASN

ASN	Phishing URLs hosted	Percentage
AS8584 (BARAK)	9818	8.5%
AS8708 (RDSNET)	7049	6.1%
AS8551 (BEZEQ-INTERNATIONAL-AS)	5702	4.9%
AS6746 (ASTRAL)	5043	4.4%
AS39007 (BALTICUM-TV-AS)	4608	4.0%
AS34377 (BROKER-AS)	3623	3.1%
AS32613 (IWEB-AS)	3480	3.0%
AS8220 (COLT)	3451	3.0%
AS43560 (PANTHERIT)	3439	3.0%
AS31100 (SYNNET-WE)	3439	3.0%
Other	65589	56.9%

By Host

Host	Phishing URLs hosted	Percentage
85.65.14.33 (85.65.14.33.dynamic.barak-online.net)	5437	4.7%
86.100.97.110 (86-100-97-110.klp.balticum.lt)	4608	4.0%
82.166.133.85 (82.166.133.85.biu-dynamic.barak-online.net)	3943	3.4%
85.198.252.129 (ip-85-198-252-129.broker.com.pl)	3623	3.1%
217.119.57.22 (bvtk02.synserver.de)	3439	3.0%
209.172.59.196 (ip-209-172-59-196.static.privatedns.com)	3439	3.0%
195.20.32.103	3439	3.0%
193.33.61.2	3439	3.0%
81.181.17.57	2472	2.1%
220.125.177.110	2431	2.1%
Other	78971	68.5%

Background

Phishing servers host content that is designed to socially engineer unsuspecting users into surrendering private information used for identity theft. These servers are installed on compromised web servers or botnets, at times.

Phishing Web sites mimic legitimate Web sites, often of a financial institution, in order to steal logins, passwords, and personal information. Attackers trick users into using the fake Web site by sending the intended victim an e-mail claiming to be a legitimate institution requesting the information for valid reasons, such as account verification. They may then use the stolen credentials to withdraw large amounts of money from the victim's account or commit other fraudulent acts. Most targeted brands are usually in the financial sector, including banks and online commerce sites.