APWG Phishing Activity Trends Reports for Q3’19 Raise Alarm
by CIRT Team
For a long period of time phishing is one of the major cyber threats in cyberspace. Phishing is the fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by disguising oneself as a trustworthy entity in an electronic communication. For past few years we have noticed a rise in the phishing attack in all part of the globe. Anti Phishing Working Group (APWG) provide us with quarterly report for phishing activity trends which shows an alarming status for Q3, 2019. Founded in 2003, the Anti-Phishing Working Group (APWG) is a not-for-profit industry association focused on eliminating the identity theft and frauds that result from the growing problem of phishing, crime ware, and email spoofing. Membership is open to qualified financial institutions, online retailers, ISPs, solutions providers, the law enforcement community, government agencies, multi-lateral treaty organizations, and NGOs. There are more than 2,000 enterprises worldwide participating in the APWG. As reported to the APWG by their member companies & Global research partners through its website and e mail, the APWG Phishing Threat Trends Report analyzes phishing attacks and other identities theft methods. Through drawing on studies from member companies and industry experts, APWG tests the growth, prolife and dissemination of identity stealing methods.
The major findings of APWG Phishing Activity Trend Report of Q3’2019 are:
- During the third quarter of 2019, the number of phishing attacks grew to a high level not seen since the end of 2016.
- 40% of Business Email Compromise (BEC) attacks use fraudulent domain names, a tactic used to trick unwanted victims.
- SSL authentication is used by more than two thirds of all phishing sites. This is the highest proportion since monitoring began at the beginning of 2015 and is a clear sign that users cannot rely solely on SSL to understand whether or not a site is safe.
- The target webmail and software-as a-service (SaaS) users has remained the largest phishing target segment.
- In South America, too, phishing rocked upwards.
In the third quarter of 2019, APWG observed 266387 phishing sites, up 46 percent from 182465 recorded throughout Q2, nearly double that of 138328 registered in Q4 2018.
Figure 1: Total Phishing in Q3’19
Figure 2: Rise of phishing Q3’19
“This is the worst period for phishing that the APWG has seen in three years, since the fourth quarter of 2016,” said Greg Aaron, APWG Senior Research Fellow and President of Illumintel Inc. In the fourth quarter of 2016, the APWG registered 277,693 attacks.
The number of brands targeted in Q3 has rose significantly in addition to the rise in phishing volume; attacks against more than 400 different brands (companies) per month in Q3, versus an average of 313 per month in Q2. The amount of unique phishing data submitted to APWG at 3Q 2019 stood at 122,359, relative to 112,163 in the second quarter.
Figure 3: The amount of unique phishing data
SaaS and Webmail were the main targets of phishing in the third quarter of 2019 followed by payment, financial institutions.
Figure 4: Most Targeted Industry Q3’19
More than two thirds (68 percent) of all phishing sites used SSL in Q3 2019. The previous quarter the figure was 54%. John LaCour, PhishLabs Founder and CTO said “This is the highest number of phishing sites using SSL since we began tracking it in early 2015, and a clear indicator that users can’t rely on SSL alone to indicate whether or not a site is safe.”
Figure 5: Phishing attacks hosted on HTTPS Q3’19
To order to compile its data set, APWG contributor Agari analyzed thousands of BEC attack reported to Q3. Agari defines BEC as any response-based spear phishing assault involving the impersonation of a trustworthy party to make financial transactions or to submit sensitive material to a target. Agari estimated that during the third quarter in 2019, scammers demanded funding in form of gift cards from 56% in Q3, which was 65% in Q2. Around 25% of attacks sought a diversion of the payroll and 19% requested direct bank transactions.
Figure 6: Most used BEC Cash-out Method Q3’19
Recent statistics indicate that Phishing attackers are focused on banks and financial institutions, social media and gaming sites. Initially targeting general consumers, phishing attacks are now evolving into high-profile targets that seek to steal intellectual property, corporate secrets and information, such as national safety. Phishing scams are sadly in constant development and it is difficult to identify each. It is therefore essential for organizations and governments to coordinate safety education programs in order to keep employees and the general public knowledgeable of the hazards of phishing attacks.
Author: Md. Sabbir Hossain, IT Policy & Risk Analyst, BGD