In April 2007, the number of unique phishing websites detected by APWG was 55,643. In its report, the association shows a 166% rise from the previous month and 48% from the previous high for phishing URLs (in October 2006).

This trend indeed is going up. It does not follow the total number of unique phishing reports submitted to APWG. This other statistics is steady and, surprisingly known mirror sites are more numerous than known attacks!

In this report, Laura Mather, Ph.D., Senior Scientist at MarkMonitor explains this huge number. Similar to what they were doing in late 2006, the phishers start again using the tactic of putting a large numbers of mirror sites on the same domain. She relates to have seen cases where there were thousands.

Typically, URL multiplying techniques involve apparently automated creation of subdomains (xxxx.fakedomain.com) to establish discrete hosts for phishing sites or the use of different directories on the same domain (xxxx.fakedomain.com/xxxx).

Criminals do this in an attempt to get around website blocking that Internet Explorer 7.0 and Firefox 2 have deployed to protect consumers from fraudulent sites.

The last APWG Phishing Trends Activity Report (April 2007) is available here : http://www.antiphishing.org/reports/apwg_report_april_2007.pdf