Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

ABTV //

Phishing

8/6/2018
09:35 AM
Larry Loeb
Larry Loeb
Larry Loeb
50%
50%

Phishing Attacks Increase in Q1 as Cybercrooks Look for New Victims

An analysis by APWG saw a significant increase in the number of phishing attacks in the first quarter of this year, as cybercriminals looked for new victims.

Phishing activity in the first quarter of this year jumped 46% compared to the same period last year, according to a new security analysis by APWG.

The report, unsurprisingly entitled "Phishing Activity Trends Report, 1st Quarter 2018," also found that the number of phishing emails detected in the first quarter of 2018 stood at 263,538, up from the 180,577 observed in in the fourth quarter of 2017.

The first-quarter 2018 number is also significantly more than the 190,942 phishing emails researchers saw during the third quarter of 2017.

The report analyzes phishing attacks reported to the APWG by its member companies, through the organization's website and by email submissions. APWG counts unique phishing emails as those found in a given month that have the same subject line in the email.

The report also found that the online payment sector was targeted by phishing more than in any other industry sector, receiving 39.4% of all phishing emails.

(Source: iStock)
(Source: iStock)

Increases in phishing that targeted SAAS and webmail providers (19%) and file hosting/sharing sites (11%) were found. Yet phishing against banks' brands dropped slightly, to 14%.

These unique URLs are automatically generated by phishers to allow for a one-time access by victims to a unique phishing URL.

The domain names were used by phishers were found to generally match market share among top-level domains and registrations. This may be because the phishers look for the cheapest and most ubiquitous registers when constructing their fraudulent activities.

The structure of phishing sites seems to have changed as well.

At the end of 2016, APWG found less than 5% of phishing sites were found on HTTPS infrastructure. By the second quarter of 2018, more than a third of phishing attacks were hosted on websites that had HTTPS and SSL certificates.

Since an SSL certificate is not necessary for a malicious website, why is this increase happening? It may be that phishers believe that the "HTTPS" designation will make a phishing site seem more legitimate to potential victims and more likely to lead to a successful outcome.

They may be right.

Not only that, many new browsers such as Chrome will insist on the HTTPS protocol be used by a site in order to seamlessly navigate to it without a displayed warning.

The report also noted an increase in activity in Brazil. Specifically, the study found many changes were occurring. The first quarter totals were slightly above the fourth quarter 2017 total of 16,559. Web site scams rose from 6,293 in the fourth quarter to 9,061 in the first quarter of this year, while mobile app scams fell from 3,184 in fourth quarter to 1,840 in first quarter.

Brazilian APWG members also reported SMS texts sent to mobile phones were used frequently. These messages sent phishing URLs to victims.

The report shows phishing isn't going away, but will change in how it responds to external forces.

Related posts:

— Larry Loeb has written for many of the last century's major "dead tree" computer magazines, having been, among other things, a consulting editor for BYTE magazine and senior editor for the launch of WebWeek.

Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Enterprise Cybersecurity Plans in a Post-Pandemic World
Download the Enterprise Cybersecurity Plans in a Post-Pandemic World report to understand how security leaders are maintaining pace with pandemic-related challenges, and where there is room for improvement.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-33600
PUBLISHED: 2021-09-28
A denial-of-service (DoS) vulnerability was discovered in the web user interface of F-Secure Internet Gatekeeper. The vulnerability occurs because of an attacker can trigger assertion via malformed HTTP packet to web interface. An unauthenticated attacker could exploit this vulnerability by sending ...
CVE-2021-33601
PUBLISHED: 2021-09-28
A vulnerability was discovered in the web user interface of F-Secure Internet Gatekeeper. An authenticated user can modify settings through the web user interface in a way that could lead to an arbitrary code execution on the F-Secure Internet Gatekeeper server.
CVE-2021-36165
PUBLISHED: 2021-09-28
RICON Industrial Cellular Router S9922L 16.10.3(3794) is affected by cleartext storage of sensitive information and sends username and password as base64.
CVE-2020-20691
PUBLISHED: 2021-09-27
An issue in Monstra CMS v3.0.4 allows attackers to execute arbitrary web scripts or HTML via bypassing the file extension filter and uploading crafted HTML files.
CVE-2020-20692
PUBLISHED: 2021-09-27
GilaCMS v1.11.4 was discovered to contain a SQL injection vulnerability via the $_GET parameter in /src/core/controllers/cm.php.