APWG Publishes First-Quarter 2019 Phishing Activity Trends Report

On May 15, the APWG (formerly the Anti-Phishing Working Group) published its Phishing Activity Trends Report, 1st Quarter 2019.  The Report addressed the following topics:

  • Unique Phishing Websites Detected: The total number of unique phishing websites that the APWG detected in 1Q 2019 was 180,768. That represents a 30.7 percent increase from 4Q 2018 (138,328), and a 19.7 percent increase from 3Q 2018 (151,014).
  • Unique Phishing Reports from Consumers to the APWG: The total number of unique phishing reports that the APWG received from consumers in 1Q 2019 was 112,393. It should be noted that although the number of phishing reports received in January and February was almost identical (34,630 and 35,364, respectively), the number of reports received in March was 42,399 – a 19.9 percent increase since February.
  • Brands Targeted by Phishing Campaigns: The number of brands that phishing campaigns targeted remained fairly even during 1Q 2019 (327, 288, and 330 for January-March, respectively).
  • Most Targeted Industry Sectors: For the first time in APWG quarterly reports, Software-as-a-Service (SaaS) and webmail services became the most-targeted industry sector, with 36 percent of all phishing attacks (compared to 30 percent in 4Q 2018 and 20.1 percent in 3Q 2018).  The next four most-targeted industry sectors were payment (27 percent), financial institution (16 percent), e-commerce/retail (3 percent) and telecom (3 percent).  Attacks against cloud storage and file hosting sites accounted for only 2 percent of all attacks in 1Q 2019 – a substantial decline from 11.3 percent of all phishing attacks in Q1 2018.
  • Use of Encryption to Deceive Victims: In 1Q 2019, 58 percent of phishing sites used SSL certificates, indicating that they were protected by the HTTPS encryption protocol, to create a false appearance of legitimacy. That represents a 26 percent increase since 4Q 2018 (i.e., 46 percent using SSL certificates), as well as the highest percentage of phishing attacks hosted on HTTPS since Q1 2015.  According to John LaCour, Chief Technology Officer of PhishLabs, there are two reasons for phishers’ increased use of SSL certificates: more web sites in general are using SSL, because browsers are warning users when SSL is not used, “[a]nd most phishing is hosted on hacked, legitimate sites.”
  • Brazil Phishing Trends: In 1Q 2019, the volume of Brazil-related phishing (i.e., e attacks against Brazilian brands or against foreign services that are available in Portuguese in Brazil) increased since 4Q 2018 to 3,220, including more than 1,200 in January alone.  Brazil-related malware cases in 1Q 2019 were 180, and malware detections in March were less than at any time since the start of  4Q 2018.  The report also states that “[e]ach kind of malware identified during this period, on average, aimed to affect up to thirteen Brazilian financial institutions and their customers. The largest number of targets found in a single malware device was nineteen.”

Note: Chief Information Security Officers and Chief Compliance Officers should share these data with their respective teams for general awareness.  As with other APWG quarterly reports, this report reflects general data on phishing trends and not the severity of any single phishing attack on a particular company or financial institution.  Companies offering SaaS and webmail services, however, should take particular note of the significant increase in phishing attacks targeting their sectors.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s