Briefing on Handling of Phishing Websites in January 2014

Secretariat of APAC
January 2014

Contents

1 Overview
2 Analysis of Handling Types
2.1 Sources of reports about phishing websites
2.2 Distribution of the counterfeit objects of phishing websites this month
2.3 Distribution of industries relating to the phishing websites
2.4 Domain names distribution of phishing websites this month
2.5 Distribution of phishing website domain names in all TLDs
2.6 Distribution of registrars for phishing website domain names

1 Overview

971 phishing websites were handled by APAC in January 2014. 169,806 phishing websites have been verified and managed by APAC by January 2014. Monthly handling of phishing websites is as follows:

Fig. 1 Monthly handling of phishing websites

2 Analysis of Handling Types

2.1 Sources of reports about phishing websites

This month, the reports about phishing websites came mainly from Alliance members, the China Internet Illegal Information Reporting Center (12321) and the public. The number of phishing websites reported by members of APAC accounted for 58.91% of all the reported phishing websites this month. The number of phishing websites delivered by the China Internet Illegal Information Reporting Center (12321) accounted for 36.97% of all the handled phishing websites this month. The percentage showed an upward trend in the recent month.

Fig. 2 Sources of reports about phishing websites (January 2014): Reported by APAC member 58.91%; 12321 36.97%; Reported from public 4.12%.

2.2 Distribution of the counterfeit objects of phishing websites this month

Among all reports about phishing websites received by APAC this month, 78.79% of the reported phishing websites counterfeited the websites of taobao.com, ICBC, Hunan TV and CCTV. Counterfeit websites of ICBC accounted for the largest percentage of all counterfeit phishing websites.

Fig. 3 Counterfeit objects of phishing websites (January 2014): ICBC 45.01%; Hunan TV 15.14%; taobao.com 9.58%; CCTV 9.06%; Bank of China 8.86%; China Merchants Bank 4.33%; Zhejiang TV 2.68%; Others 5.36%.

2.3 Distribution of industries relating to the phishing websites

The top three industries involving phishing websites this month were payment and transactions, finance and securities, and media and communication. Together they made up 96.4% of all the handled sites. Phishing websites involving the finance and securities industry accounted for 55.20%, ranking first among all handled websites this month.

Fig. 4 Distribution of industries involving the phishing websites
November 2013: Payment and transactions 76.39%; Finance and securities 20.78%; Media and communication 1.98%; Others 0.77%; Instant messaging 0.06%; Email 0.01%; Online games 0.01%.
January 2014: Finance and securities 55.20%; Media and communication 27.09%; Payment and transactions 14.11%; Others 3.09%; Instant messaging 0.21%; Online games 0.21%; Travel and hoteling 0.10%.

2.4 Domain names distribution of phishing websites this month

a. Phishing websites with .CN domain name and non-.CN domain names

8 phishing websites with .CN domain names were reported this month, accounting for 0.82% of all the handled phishing websites of the month. Strict enforcement and unremitting improvement of the real-name registration system for .CN domain names contribute to the low percentage of phishing websites involving .CN domain names.

Phishing websites with non-.CN domain names handled this month reached 963. The details are as follows:

Fig. 5 Tendency chart of phishing websites with .CN and non-.CN domain names

2.5 Distribution of phishing website domain names in all TLDs

Phishing websites with domain names of .COM, .TK, .NET and .PW accounted for 91.87% of all the handled phishing websites, with .COM ranking first among all domain names. Phishing websites under such unpopular domain names as .PW and .CF increased this month, accounting for 3.50% and 0.41% respectively of all the handled phishing websites of the month.

Fig. 6 Distribution of TLDs relating to the phishing websites (January 2014): com 74.36%; tk 9.17%; net 4.84%; pw 3.50%; cn 0.82%; org 0.62%; cf 0.41%; info 0.41%; us 0.41%; other 5.46%.

2.6 Distribution of registrars for phishing website domain names

a. Analysis of domestic domain name registrars

As for the registrars of phishing website domain names, the top four domestic domain name registrars are Dongnanrongtong, Xinnet, 35 Technology, and Xinwanghulian. The percentage of phishing website domain names related to Dongnanrongtong grew this month. For the phishing websites with their domain names registered in China, their domain name resolutions have been suspended or their phishing pages have been deleted.

Fig. 7 Distribution of domestic registrars for phishing website domain names (January 2014): Dongnanrongtong 24.58%; Xinnet 18.95%; 35 Technology 16.51%; Xinwanghulian 12.76%; HI China 9.01%; Shanghai Yovole 6.00%; Jiangsubangning 5.07%; Foshanyidong 2.06%; Others 5.07%.

b. Analysis of overseas domain name registrars

Top three overseas domain name registrars are DOT TK, GODADDY and ENOM.
For phishing websites with domain names registered overseas, APAC delivered the addresses to a third-party partner to block visits. Meanwhile, APAC delivered all phishing websites with .TK domain names to DOT TK, which would assist in suspending the resolution.

Fig. 8 Distribution of major overseas registrars for phishing website domain names (January 2014): OTHER 38.36%; DOT TK 19.18%; GODADDY 11.64%; ENOM 9.59%; NETWORK SOLUTIONS 6.39%; PDR 5.02%; smaller slices labelled TURNCOMMERCE, DOMAIN NAME and TUCOWS, with values 2.74%, 2.05%, 1.60% and 3.42%.

Profile of Anti-Phishing Alliance of China

Founded on July 18, 2008, the Anti-Phishing Alliance of China ("APAC") is made up of domestic banks, securities institutions, e-business websites, domain name registries, domain name registrars, experts and scholars, serving as the only coordination organization for the purpose of solving the problem of phishing websites. At present, it has more than 500 member units. APAC has established a quick handling mechanism to address the problem. By stopping resolution services for phishing websites with a CN domain name or non-CN domain name or by giving warnings, APAC terminates the harm of such websites in a timely manner to ensure a trusted network. China Internet Network Information Center ("CNNIC"), the domain name registry in China, fulfills the responsibility of the secretariat of APAC.

At present, various phishing websites in the world have had a severe impact on online financial services and e-business development, jeopardized public interest and shaken the confidence of the public in using the Internet. Due to the features of the Internet, the cross-border distribution and hazard of phishing websites have become an intractable problem that draws worldwide attention. Therefore, it is a top priority to stop the harm of phishing websites in a timely and effective manner by establishing a quick handling mechanism.

APAC is devoted to establishing an anti-phishing coordination mechanism, facilitating the construction of a comprehensive management system, enhancing cooperation and exchange on anti-phishing efforts, sharing information in this regard, and organizing its members to jointly prevent, discover and tackle phishing websites. APAC is the first non-governmental industrial coordination organization in China established for the sole purpose of solving this problem. By borrowing international experience and practices and focusing on the "short survival but great harm" feature of these websites, APAC has coordinated the efforts of all interested parties and established a quick handling mechanism against phishing websites so as to prevent any potential harm. It cracks down on phishing websites from the root of Internet application, the domain name, aiming at constructing a trusted network.

To best safeguard public interest, APAC will first protect financial institutions such as major banks and securities institutions, famous e-business enterprises and online payment systems which are closely related to the property of the public. Phishing websites have frequently shown up in these fields, causing great losses.

In particular, APAC has set up an Expert Guiding Committee which is made up of experts and leaders to guide APAC in its work. The National Computer Virus Emergency Response Center and the National Computer Network Emergency Response Technical Team/Coordination Center of China act as the third-party technical validation institutions of APAC.

APAC is a non-governmental organization whose members include domain name registries, domain name registrars, banks, securities institutions, e-business enterprises and network security enterprises, and whose purpose is to discover and tackle phishing websites, especially those that pretend to be its members.
So far, APAC has included more than three hundred financial institutions and dozens of e-business websites, as well as major domestic registrars of domain names. The Secretariat of APAC is based at CNNIC, and is responsible for the daily operation, meeting convening and emergency handling of APAC. Experts of APAC are reminding netizens to be cautious during online shopping and E-bank payment so as not to be harmed by phishing websites.