Phishing Attacks Increase in Q1 as Cybercrooks Look for New Victims

Phishing activity in the first quarter of this year jumped 46% compared to the same period last year, according to a new security analysis by APWG.

The report, unsurprisingly entitled "Phishing Activity Trends Report, 1st Quarter 2018," also found that the number of phishing emails detected in the first quarter of 2018 stood at 263,538, up from the 180,577 observed in in the fourth quarter of 2017.

The first-quarter 2018 number is also significantly more than the 190,942 phishing emails researchers saw during the third quarter of 2017.

The report analyzes phishing attacks reported to the APWG by its member companies, through the organization's website and by email submissions. APWG counts unique phishing emails as those found in a given month that have the same subject line in the email.

The report also found that the online payment sector was targeted by phishing more than in any other industry sector, receiving 39.4% of all phishing emails.

(Source: iStock)

Increases in phishing that targeted SAAS and webmail providers (19%) and file hosting/sharing sites (11%) were found. Yet phishing against banks' brands dropped slightly, to 14%.

These unique URLs are automatically generated by phishers to allow for a one-time access by victims to a unique phishing URL.

The domain names were used by phishers were found to generally match market share among top-level domains and registrations. This may be because the phishers look for the cheapest and most ubiquitous registers when constructing their fraudulent activities.

The structure of phishing sites seems to have changed as well.

At the end of 2016, APWG found less than 5% of phishing sites were found on HTTPS infrastructure. By the second quarter of 2018, more than a third of phishing attacks were hosted on websites that had HTTPS and SSL certificates.

Since an SSL certificate is not necessary for a malicious website, why is this increase happening? It may be that phishers believe that the "HTTPS" designation will make a phishing site seem more legitimate to potential victims and more likely to lead to a successful outcome.

They may be right.

Not only that, many new browsers such as Chrome will insist on the HTTPS protocol be used by a site in order to seamlessly navigate to it without a displayed warning.

The report also noted an increase in activity in Brazil. Specifically, the study found many changes were occurring. The first quarter totals were slightly above the fourth quarter 2017 total of 16,559. Web site scams rose from 6,293 in the fourth quarter to 9,061 in the first quarter of this year, while mobile app scams fell from 3,184 in fourth quarter to 1,840 in first quarter.

Brazilian APWG members also reported SMS texts sent to mobile phones were used frequently. These messages sent phishing URLs to victims.

The report shows phishing isn't going away, but will change in how it responds to external forces.

Related posts:

— Larry Loeb has written for many of the last century's major "dead tree" computer magazines, having been, among other things, a consulting editor for BYTE magazine and senior editor for the launch of WebWeek.