Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

ABTV //

Phishing

8/6/2018
09:35 AM
Larry Loeb
Larry Loeb
Larry Loeb
50%
50%

Phishing Attacks Increase in Q1 as Cybercrooks Look for New Victims

An analysis by APWG saw a significant increase in the number of phishing attacks in the first quarter of this year, as cybercriminals looked for new victims.

Phishing activity in the first quarter of this year jumped 46% compared to the same period last year, according to a new security analysis by APWG.

The report, unsurprisingly entitled "Phishing Activity Trends Report, 1st Quarter 2018," also found that the number of phishing emails detected in the first quarter of 2018 stood at 263,538, up from the 180,577 observed in in the fourth quarter of 2017.

The first-quarter 2018 number is also significantly more than the 190,942 phishing emails researchers saw during the third quarter of 2017.

The report analyzes phishing attacks reported to the APWG by its member companies, through the organization's website and by email submissions. APWG counts unique phishing emails as those found in a given month that have the same subject line in the email.

The report also found that the online payment sector was targeted by phishing more than in any other industry sector, receiving 39.4% of all phishing emails.

Increases in phishing that targeted SAAS and webmail providers (19%) and file hosting/sharing sites (11%) were found. Yet phishing against banks' brands dropped slightly, to 14%.

These unique URLs are automatically generated by phishers to allow for a one-time access by victims to a unique phishing URL.

The domain names were used by phishers were found to generally match market share among top-level domains and registrations. This may be because the phishers look for the cheapest and most ubiquitous registers when constructing their fraudulent activities.

The structure of phishing sites seems to have changed as well.

At the end of 2016, APWG found less than 5% of phishing sites were found on HTTPS infrastructure. By the second quarter of 2018, more than a third of phishing attacks were hosted on websites that had HTTPS and SSL certificates.

Since an SSL certificate is not necessary for a malicious website, why is this increase happening? It may be that phishers believe that the "HTTPS" designation will make a phishing site seem more legitimate to potential victims and more likely to lead to a successful outcome.

They may be right.

Not only that, many new browsers such as Chrome will insist on the HTTPS protocol be used by a site in order to seamlessly navigate to it without a displayed warning.

The report also noted an increase in activity in Brazil. Specifically, the study found many changes were occurring. The first quarter totals were slightly above the fourth quarter 2017 total of 16,559. Web site scams rose from 6,293 in the fourth quarter to 9,061 in the first quarter of this year, while mobile app scams fell from 3,184 in fourth quarter to 1,840 in first quarter.

Brazilian APWG members also reported SMS texts sent to mobile phones were used frequently. These messages sent phishing URLs to victims.

The report shows phishing isn't going away, but will change in how it responds to external forces.

Related posts:

— Larry Loeb has written for many of the last century's major "dead tree" computer magazines, having been, among other things, a consulting editor for BYTE magazine and senior editor for the launch of WebWeek.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-12512
PUBLISHED: 2021-01-22
Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated reflected POST Cross-Site Scripting
CVE-2020-12513
PUBLISHED: 2021-01-22
Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated blind OS Command Injection.
CVE-2020-12514
PUBLISHED: 2021-01-22
Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to a NULL Pointer Dereference that leads to a DoS in discoveryd
CVE-2020-12525
PUBLISHED: 2021-01-22
M&M Software fdtCONTAINER Component in versions below 3.5.20304.x and between 3.6 and 3.6.20304.x is vulnerable to deserialization of untrusted data in its project storage.
CVE-2020-12511
PUBLISHED: 2021-01-22
Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to a Cross-Site Request Forgery (CSRF) in the web interface.