Phishing scam websites are being shut down faster than ever.
The average number of days such a site remains online has dropped to 5.5 days, a sign that countermeasures are being enacted with increased speed, according the Anti-Phishing Working Group (APWG), which monitors phishing trends and online crime.
"It's a complete victory," said Peter Cassidy, secretary general of APWG. "It means the work by the forensic and counter-phishing community is working."
In its August 2005 phishing report, released today, the APWG found that new phishing campaigns had fallen for the second consecutive month, from an all-time high of 5,259. July saw 4,564 sites reported.
As recently as 18 months ago, operators of phishing sites could be fairly confident a site would function for a week or more, collecting information such as user names and passwords to banking sites and other sensitive data. But Cassidy said now when phishing sites are detected, ISPs are contacted and the sites are taken down faster.
Banks and other organisations are also doing pre-emptive analyses of their own Web logs to make sure they are not being copied for a counterfeit site, he said. "You add all of this up and it's getting harder to launch an attack."
To combat the counterphishing techniques, phishers are now setting up multiple sites so that if one is taken down, another pops up, Cassidy said. Redirect schemes are also used where sites change from minute to minute, he said.
It means it is getting more costly to set up phishing operations though. But until phishing gets to be more expensive than selling drugs or stolen car parts, the scams are unlikely to decline, Cassidy said.