On March 4, APWG (formerly the Anti-Phishing Working Group released its report on phishing trends for the fourth quarter of 2018. The report included the following key trends and developments:
- Phishing Sites: In Q4, APWG detected 138,328 phishing sites. This continued the steady decline in phishing sites over Q1 (263,538), Q2 (233,040), and Q3 (151,014), and amounts to only 52 percent of the Q1 total. As was the case in Q3, APWG members still detected an increased number of redirectors before the phishing landing page, and after the victim submitted his or her data, “in an effort to obfuscate phishing URLs from detection.”
- Phishing Reports: In Q4, 239,910 phishing reports were submitted to APWG, slightly lower overall than Q2 (262,704) and Q3 (264,483).
- Most-Targeted Industry Sectors: According to MarkMonitor data, phishing that targeted software as a service (SaaS) and Webmail services’ brands increased dramatically, from 20.1 percent of all attacks in Q3 to nearly 30 percent in Q4. In contrast, attacks against cloud storage and file hosting sites continued to decrease, from 11.3 percent of all attacks in Q1 to 4 percent in Q4.
- Use of Domain Names for Phishing: 6,718 confirmed phishing URLs reported to APWG in Q4 were hosted on 4,485 unique second-level domains. The highest-ranked Top Level Domain (TLD) used for phishing was the legacy globalTLD .com, which accounted for 2,098 unique domains for phishing.
- Use of HTTPS Encryption Protocol: APWG contributor PhishLabs found that in 4Q, for the first time since it began measuring use of the HTTPS encryption protocol by phishing sites, the number of phishing sites protected by HTTPS fell slightly to 47 percent of all phishing sites. That 47 percent, however, is still the second-highest percentage (other than 3Q 2018) since Q1 2015.
- Phishing Kits with “Black Friday” Theme: In November 2018, Brazil-based firm Axur saw
phishing kits being sold with a Black Friday [November 23, 2018] theme. Phishing kits are software packages that allow a phisher to set up phishing sites, send out spam messages to lure in victims, collect the data from the victims, and other useful capabilities. This kind of phishing is very popular in Brazil during the week preceding Black Friday and it affects the country’s main e-commerce companies.
Note: Chief Information Security Officers (CISOs) and Chief Compliance Officers (CCOs), should share this information with their respective teams. Because cybercrime techniques change so quickly, information that identifies critical trends affecting particular business sectors needs to disseminated quickly as well.