Symantec Global internet Security threat report
Countries hosting phishing URLs and top targeted sectors
the data for this section is determined by gathering links in phishing email messages and cross-referencing the addresses with several third-party subscription-based databases that link the geographic locations of systems to ip addresses. in this case, Symantec counts phishing UrLs as the number of unique ip addresses hosting Web pages used for phishing. While these databases are generally reliable, there is a small margin of error. the data produced is then used to determine the global distribution of phishing UrLs.
Phishing site top-level domains
the data for this section is determined by deriving the top-level domains of each distinct phishing website UrL. the resulting top-level domains are tabulated and compared proportionately.
Automated phishing toolkits
the data in this section is derived from UrLs gathered by the Symantec prn. the UrLs are sorted and grouped according to specific patterns indicating they were generated by an automated script or phishing kit. Each phishing kit generates UrLs with a distinct signature and can be grouped according to these distinguishing characteristics. the monthly total of each group of UrLs indicates the level of use of each automated phishing kit.
Underground economy servers—goods and services available for sale
this metric is based on data that is gathered by proprietary Symantec technologies that observe activity on underground economy servers and collect data. Underground economy servers are typically chat servers on which stolen data, such as identities, credit card numbers, access to compromised computers, and email accounts are bought and sold. Each server is monitored by recording communications that take place on them, which typically includes advertisements for stolen data. this data is used to derive the data presented in this metric. it should be noted that this discussion might not necessarily be representative of internet- wide activity; rather, it is intended as a snapshot of the activity that Symantec observed during this period.
Description of goods and services advertised on underground economy servers may vary from vendor to vendor. the following list shows typical goods and services that are found on these servers and general descriptions of each:
Bank account credentials—may consist of name, bank account number (including transit and branch number), address, and phone number. Online banking logins and passwords are often sold as a separate item.
Cash out—a withdrawal service where purchases are converted into true currency. this could be in the form of online currency accounts or through money transfer systems and typically, the requester is charged a percentage of the cashout value as a fee.