Between July and September, members of the Anti-Phishing Working Group (APWG) identified 266,387 trap sites – significantly more than in the second quarter. This is a three-year phishing record. Experts last saw such high activity of phishers at the end of 2016.
APWG also received 122,359 phishing email reports last quarter, up from 112,163.
The number of brands borrowed when creating phishing sites has also increased. Researchers at MarkMonitor, who regularly participate in the compilation of APWG quarterly reports, recorded an average of more than 400 attacked brands each month, compared to 313 in the previous quarter.
“The main targets of phishers have remained the same – webmail and SaaS (software as a service, a total of 33% of incidents); collecting credentials for such services greatly facilitates the implementation of BEC schemes. In the reporting period, payment acceptance systems accounted for 21% of phishing attacks, and financial institutions accounted for 19%”, – say in the APWG.
According to Agari, another active member of APWG, in 40% of cases, BEC scammers sent fake emails from an account tied to a specially registered domain name, consonant with the name of a well-known company. Free mailboxes were used for this purpose in 54% of BEC attacks.
Agari identifies one grouping of this profile – it is assigned the code name Silent Starling. According to experts, it consists of three main participants, who usually hack the email account of the supplier, vendor or other partner of the intended victim and for a long time collect information by copying the correspondence.
APWG typically publishes phishing domain statistics based on data collected by RiskIQ. According to this source, 65% of the fake pages discovered in Q3 accounted for generic top-level domains .COM, .ORG, .NET, and other long-existing TLD zones. Of the regional TLDs, .BR (Brazil) and .GA (Gabon) are leaders in this indicator, registration in which is free. The Russian national domain ranked 10th in the overall ranking, sharing it with .AU and .TOP.
According to PhishLabs, another consistent co-author of APWG reports, over two-thirds (68%) of phishing sites currently use HTTPS – the highest rate in five years. In this regard, the researchers recall that the lock icon in the address bar of the browser only speaks of encrypted connections and does not guarantee the harmlessness of the online resource.
User Review( votes)