On February 24, the APWG (formerly the Anti-Phishing Working Group) released its report for the 4th quarter of 2019 on phishing activity trends. Key points in the report include:
- Number of Phishing Sites: The number of unique phishing sites fluctuated substantially during 4Q2019, from 76,804 in October to 39,580 in November to 45,771 in December. (3)
- Number of Brands Targeted: The number of brands targeted by phishing attacks remained highly consistent, averaging 333 per month. (3)
- Phishing Targets: Software-as-a-service (SaaS) and webmail sites remained the most frequent targets of phishing, accounting for 30.8 percent of targeted sectors. “Phishers continue to harvest credentials to those kinds of sites, using them to perpetrate business e-mail compromises (BEC) and to penetrate corporate SaaS accounts.” The next most-targeted sectors were payment (19.8 percent) and financial institutions (19.4 percent). Attacks against the cryptocurrency, logistics/shipping, gaming, insurance, energy, government, and healthcare sectors were negligible during the quarter, as each accounted for less than 1 percent of all phishing attacks detected. (5)
- Business Email Compromise: In business email compromise (BEC) schemes, criminals most frequently (62 percent) used gift cards to cash out during the holiday shopping season. The report indicated that cybercriminals may have been seeking to launder money by using the cards to buy physical goods that they can then sell. (6-7)
- SSL Protection: 74 percent of all phishing sites use Transport Layer Security (TLS) or Secure Sockets Layer (SSL) protection. This percentage – the highest recorded since the start of 2015 – provides yet another indication that users cannot rely on SSL alone to determine whether a site is safe or not. (11)
- Brazilian Trends: The number of phishing incidents in Brazil increased dramatically, from 3,230 in 1Q2019 to 8,872 in 4Q2019. (9-10)
Note: This Report, like the other APWG phishing trends reports, demonstrates the ubiquity and adaptability of sophisticated cybercriminals. Information security officers should disseminate the Report to their teams, and share it with their financial-crimes compliance teams as well.