APWG Notes Three-Year Phishing Record

Between July and September, members of the Anti-Phishing Working Group (APWG) identified 266,387 trap sites – significantly more than in the second quarter. This is a three-year phishing record. Experts last saw such high activity of phishers at the end of 2016.

APWG also received 122,359 phishing email reports last quarter, up from 112,163.
The number of brands borrowed when creating phishing sites has also increased. Researchers at MarkMonitor, who regularly participate in the compilation of APWG quarterly reports, recorded an average of more than 400 attacked brands each month, compared to 313 in the previous quarter.

“The main targets of phishers have remained the same – webmail and SaaS (software as a service, a total of 33% of incidents); collecting credentials for such services greatly facilitates the implementation of BEC schemes. In the reporting period, payment acceptance systems accounted for 21% of phishing attacks, and financial institutions accounted for 19%”, – say in the APWG.

According to Agari, another active member of APWG, in 40% of cases, BEC scammers sent fake emails from an account tied to a specially registered domain name, consonant with the name of a well-known company. Free mailboxes were used for this purpose in 54% of BEC attacks.

Agari identifies one grouping of this profile – it is assigned the code name Silent Starling. According to experts, it consists of three main participants, who usually hack the email account of the supplier, vendor or other partner of the intended victim and for a long time collect information by copying the correspondence.

Read also: From November 15, Twitter will ban any political advertising

APWG typically publishes phishing domain statistics based on data collected by RiskIQ. According to this source, 65% of the fake pages discovered in Q3 accounted for generic top-level domains .COM, .ORG, .NET, and other long-existing TLD zones. Of the regional TLDs, .BR (Brazil) and .GA (Gabon) are leaders in this indicator, registration in which is free. The Russian national domain ranked 10th in the overall ranking, sharing it with .AU and .TOP.

According to PhishLabs, another consistent co-author of APWG reports, over two-thirds (68%) of phishing sites currently use HTTPS – the highest rate in five years. In this regard, the researchers recall that the lock icon in the address bar of the browser only speaks of encrypted connections and does not guarantee the harmlessness of the online resource.

The activity of phishers in Brazil, which is regularly monitored by Axur, also continues to grow; According to experts, the number of such incidents in the country has more than doubled compared to the first quarter. This trend is particularly pronounced in email web service and SaaS. At the same time, attacks of fraudsters in the field of electronic commerce, which became more frequent in the II quarter, began to decline.
User Review
0 (0 votes)
Comments Rating 0 (0 reviews)

James Brown

Technology news writer and part-time security researcher. Author of how-to articles related to Windows computer issue solving.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *


This site uses Akismet to reduce spam. Learn how your comment data is processed.

Back to top button