Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

ABTV //

Phishing

8/6/2018
09:35 AM
Larry Loeb
Larry Loeb
Larry Loeb
50%
50%

Phishing Attacks Increase in Q1 as Cybercrooks Look for New Victims

An analysis by APWG saw a significant increase in the number of phishing attacks in the first quarter of this year, as cybercriminals looked for new victims.

Phishing activity in the first quarter of this year jumped 46% compared to the same period last year, according to a new security analysis by APWG.

The report, unsurprisingly entitled "Phishing Activity Trends Report, 1st Quarter 2018," also found that the number of phishing emails detected in the first quarter of 2018 stood at 263,538, up from the 180,577 observed in in the fourth quarter of 2017.

The first-quarter 2018 number is also significantly more than the 190,942 phishing emails researchers saw during the third quarter of 2017.

The report analyzes phishing attacks reported to the APWG by its member companies, through the organization's website and by email submissions. APWG counts unique phishing emails as those found in a given month that have the same subject line in the email.

The report also found that the online payment sector was targeted by phishing more than in any other industry sector, receiving 39.4% of all phishing emails.

Increases in phishing that targeted SAAS and webmail providers (19%) and file hosting/sharing sites (11%) were found. Yet phishing against banks' brands dropped slightly, to 14%.

These unique URLs are automatically generated by phishers to allow for a one-time access by victims to a unique phishing URL.

The domain names were used by phishers were found to generally match market share among top-level domains and registrations. This may be because the phishers look for the cheapest and most ubiquitous registers when constructing their fraudulent activities.

The structure of phishing sites seems to have changed as well.

At the end of 2016, APWG found less than 5% of phishing sites were found on HTTPS infrastructure. By the second quarter of 2018, more than a third of phishing attacks were hosted on websites that had HTTPS and SSL certificates.

Since an SSL certificate is not necessary for a malicious website, why is this increase happening? It may be that phishers believe that the "HTTPS" designation will make a phishing site seem more legitimate to potential victims and more likely to lead to a successful outcome.

They may be right.

Not only that, many new browsers such as Chrome will insist on the HTTPS protocol be used by a site in order to seamlessly navigate to it without a displayed warning.

The report also noted an increase in activity in Brazil. Specifically, the study found many changes were occurring. The first quarter totals were slightly above the fourth quarter 2017 total of 16,559. Web site scams rose from 6,293 in the fourth quarter to 9,061 in the first quarter of this year, while mobile app scams fell from 3,184 in fourth quarter to 1,840 in first quarter.

Brazilian APWG members also reported SMS texts sent to mobile phones were used frequently. These messages sent phishing URLs to victims.

The report shows phishing isn't going away, but will change in how it responds to external forces.

Related posts:

— Larry Loeb has written for many of the last century's major "dead tree" computer magazines, having been, among other things, a consulting editor for BYTE magazine and senior editor for the launch of WebWeek.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 8/3/2020
Pen Testers Who Got Arrested Doing Their Jobs Tell All
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/5/2020
New 'Nanodegree' Program Provides Hands-On Cybersecurity Training
Nicole Ferraro, Contributing Writer,  8/3/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Changing Face of Threat Intelligence
The Changing Face of Threat Intelligence
This special report takes a look at how enterprises are using threat intelligence, as well as emerging best practices for integrating threat intel into security operations and incident response. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15820
PUBLISHED: 2020-08-08
In JetBrains YouTrack before 2020.2.6881, the markdown parser could disclose hidden file existence.
CVE-2020-15821
PUBLISHED: 2020-08-08
In JetBrains YouTrack before 2020.2.6881, a user without permission is able to create an article draft.
CVE-2020-15823
PUBLISHED: 2020-08-08
JetBrains YouTrack before 2020.2.8873 is vulnerable to SSRF in the Workflow component.
CVE-2020-15824
PUBLISHED: 2020-08-08
In JetBrains Kotlin before 1.4.0, there is a script-cache privilege escalation vulnerability due to kotlin-main-kts cached scripts in the system temp directory, which is shared by all users by default.
CVE-2020-15825
PUBLISHED: 2020-08-08
In JetBrains TeamCity before 2020.1, users with the Modify Group permission can elevate other users' privileges.