[news release] The APWG’s new Phishing Activity Trends Report reveals that the number of phishing attacks observed by APWG members grew through 2020, fully doubling over the course of the year. Attacks peaked in October 2020, with a high of 225,304 new phishing sites appearing in that month alone, breaking all previous monthly records.
In Brazil, security firm Axur saw a slower growth in the number of phishing attacks that targeted Brazilian companies and consumers in Brazil. But overall, Axur observed almost twice as many such phishing sites in 2020 as it did in 2019, a concerning year-over-year growth.
APWG contributor OpSec Security found that phishing that targeted financial institutions was the largest category of phishing in the fourth quarter, at 22.5 percent of all attacks. This category nosed out webmail and Software-as-a-Service (SaaS), which experienced 22.2 percent of all attacks. Phishing against the social media sector declined slightly to 11.8 percent, even as social media usage was high during the U.S. presidential election. In Brazil, Axur found that phishing against e-commerce sites constituted 45 percent of phishing attacks, perhaps taking advantage of consumers who are staying at home and using online shopping during the COVID-19 pandemic.
APWG contributor Agari continued to track “business email compromise” (BEC) attacks, one of the most damaging types of Internet crimes. BEC attacks that sought wire transfers from victim companies sought an average of $75,000 – a 56 percent increase from $48,000 in the third quarter of 2020. This increase is primarily due to a resurgence in BEC campaigns from “Cosmic Lynx,” a sophisticated Russian-based crime group. Agari observed one BEC attack in progress in which the wire transfer request was for a whopping $999,600.
RiskIQ analyzed the use of domain names for phishing. “It appears that most of the domain names used for phishing are not compromised infrastructure, but are malicious domain name registrations created by the threat actors themselves,” said Jonathan Matkowsky of RiskIQ’s Incident Investigation and Intelligence (i3) team. Both RiskIQ and Agari saw these kinds of criminal domain name registrations were concentrated at a few registrars and in a few top-level domains.
Phishers are also deploying encryption to fool users into thinking that phishing sites are legitimate and safe. APWG contributor PhishLabs found that in the fourth quarter of 2020, 84 percent of phishing sites had SSL encryption enabled. Encryption is deployed on phishing sites more often than on regular web sites: SSL is currently found on only 66.8 percent of all web sites across the Internet.
The full text of the report is available here: http://docs.apwg.org/reports/apwg_trends_report_q4_2020.pdf
About the APWG
Founded in 2003, the Anti-Phishing Working Group, (APWG) is the global industry, law enforcement, and government coalition focused on unifying the global response to electronic crime. Membership is open to qualified financial institutions, online retailers, ISPs and Telcos, the law enforcement community, solutions providers, multilateral treaty organizations, research centers, trade associations and government agencies. There are more than 1,800 companies, government agencies and NGOs participating in the APWG worldwide. The APWG’s www.apwg.org and education.apwg.org websites offer the public, industry and government agencies practical information about phishing and electronically mediated fraud as well as pointers to pragmatic technical solutions that provide immediate protection.