Security software companies are endangering efforts to target phishers by skewing the statistics to make the problem appear intractable, say experts.

Research by Cambridge University shows that more than half of the 35,518 sites reported for phishing between February and April 2007 were run by the single Rock-Phish gang.

But by emphasising the high number of individual incidents, software suppliers are making police less likely to investigate the source of the attacks, says Richard Clayton, report co-author and advisor to the House of Lords committee on internet security.

‘Security vendors are happy to accept inflated statistics to make the problem seem more important,’ said Clayton. ‘But the police will not prioritise investigations if there appear to be hundreds of small-scale phishing attacks rather than one criminal group.’

Targeting Rock-Phish would significantly reduce the problem at a stroke, says Clayton.

‘Law enforcement agencies need to correlate attacks more, because instead of opening 18,000 different crime reports you only need to open one,’ he said.

The Cambridge study is the first to analyse the success of Rock-Phish, a gang known to the security community since 2005.

Without a clear view of the phenomenon, the police cannot address it, says the banking industry. ‘Law enforcers talk about being swamped by e-crime, but they often don’t have the technical expertise to gauge the extent of the problem,’ said a well-placed source.

Andy Muddimer, head of internet banking at Alliance & Leicester, says that even though the number of incidents is rising, the number of criminals may not be. Because phishers use a technique whereby each site that is closed down automatically generates another, the figures are open to misinterpretation, he says.

‘The numbers look as if there are all these criminals out there, but it is not as bad as it is portrayed by security vendors,’ said Muddimer.

Detective Chief Superintendent Chris Corcoran, chairman of the Welsh E-crime Steering Group, says police do look for patterns.

The Cambridge University findings are based on analysis of records from PhishTank – the largest online clearing house of phishing data. They will be presented by co-author Tyler Moore at a conference tomorrow (Friday).

www.computing.co.uk/audio-video