APWG logo

APWG Report: Phishing Attack Numbers Drop 20 Percent from Historical Highs

APWG logo[news release] The APWG reports in its Q1 2013 Phishing Activity Trends Report that phishing attack frequency declined 20 percent from Q4 2012 to Q1 2013, due to a precipitous drop in virtual server phishing attacks. Statistics indicate that phishing levels are returning to the levels seen prior to the record-setting highs of 2012.

Phishing attack numbers dropped from Q4 2012 to Q1 2013, from 46,066 in January to 36,983 in March. The number of unique phishing reports submitted to APWG each month also saw a massive decrease during the quarter, dropping 31 percent from January to March. January’s total of 28,850 was 29 percent lower than the all-time high of 40,621 reports, recorded in August 2009.

The Q1 2013 drop in phishing attacks was precipitated by a steep decline in virtual server phishing attacks. A virtual server phishing attack is an incident wherein a cybercriminal breaks into a single web server that hosts a large number of domains – and then creates and hosts phishing pages on each one of those domains. This method can efficiently yield a large number of attacks. “The drastic decrease likely indicates that cybercriminals are utilizing the servers they compromise not for phishing attacks, but rather for more malware or distributed denial of service attacks,” said Rod Rasmussen, CTO of Internet Identity and a Trends Report contributor.

Another set of statistics also demonstrated criminals seeking out compromised servers they could use to distribute malware. During March, the percentage of phishing-based Trojans and downloader malware hosted in the USA dropped from 37 percent to less than 20 percent. “While tracking the decrease in US-hosted phishing websites we noticed a corresponding increase in phishing sites hosted in Canada,” said Carl Leonard of Websense. “Canadian-hosted phishing decreased in 2012, so we may seeing the beginning of a trend reversal in Q1 2013.”

Trojans continue to account for about three-quarters of all newly detected crimeware threats.

The full text of the report is available here: docs.apwg.org/reports/apwg_trends_report_q1_2013.pdf

About the APWG

The APWG, founded in 2003 as the Anti-Phishing Working Group, is the global industry, law enforcement, and government coalition focused on unifying the global response to electronic crime. Membership is open to qualified financial institutions, online retailers, ISPs and Telcos, the law enforcement community, solutions providers, multi-lateral treaty organizations, research centers, trade associations and government agencies. There are more than 2,000 companies, government agencies and NGOs participating in the APWG worldwide. The APWG’s www.apwg.org and education.apwg.org websites offer the public, industry and government agencies practical information about phishing and electronically mediated fraud as well as pointers to pragmatic technical solutions that provide immediate protection. The APWG is co-founder and co-manager of the Stop. Think. Connect. Messaging Convention, the global online safety public awareness collaborative www.stopthinkconnect.org and founder/curator of the eCrime Researchers Summit, the world’s only peer-reviewed conference dedicated specifically to electronic crime studies www.ecrimeresearch.org.

Among APWG’s corporate sponsors are as follows: Afilias Ltd., AhnLab, AT&T(T), Avast!, AVG Technologies, BBN Technologies, Barracuda Networks, BillMeLater, Bkav, Booz Allen Hamilton, Blue Coat, BrandMail, BrandProtect, Bsecure Technologies, CSC Digital Brand Services, Check Point Software Technologies, Comcast, CSIRTBANELCO, Cyber Defender, Cyveillance, DigiCert, Domain Tools, Donuts.co, Easy Solutions, eBay/PayPal (EBAY), eCert, EC Cert, ESET, EST Soft, Facebook, Fortinet, FraudWatch International, F-Secure, GlobalSign, GoDaddy, Google, GroupIB, Hauri, Hitachi Systems, Ltd., Huawei Symantec, ICANN, Iconix, IID, IronPort, ING Bank, Intuit, Internet.bs, IT Matrix, Kindsight, LaCaixa, Lenos Software, MailShell, Malcovery, MarkMonitor, M86Security, McAfee (MFE), Melbourne IT, MessageLevel, Microsoft (MSFT), MicroWorld, Mirapoint, NHN, MyPW, nProtect Online Security, Netcraft, Network Solutions, NeuStar, Nominet, Nominum, Public Interest Registry, Panda Software, Phishlabs, Phishme.com, Phorm, Planty.net, Prevx, Proofpoint, QinetiQ, Return Path, RSA Security (EMC), RuleSpace, SAIC (From Science to Solutions), SalesForce, SecureBrain, S21sec, SIDN, SiteLock, SoftForum, SoftLayer, SoftSecurity, SOPHOS, SunTrust, SurfControl, Symantec (SYMC), Tagged, TDS Telecom, Telefonica (TEF), TransCreditBank, Trend Micro (TMIC), Trustwave, Vasco (VDSI), VeriSign (VRSN), Websense Inc. (WBSN), Wombat Security Technologies, Yahoo! (YHOO), zvelo and ZYNGA.