On August 27, the APWG (formerly Anti-Phishing Working Group) published its Phishing Activity Trends Report for the Second Quarter 2020. The Report analyzes phishing attacks and other identity theft techniques, as reported to the APWG from a variety of sources. The Report’s principal overall observation was that cybercrime gangs have been attempting and achieving heists of increasing scale. Key findings in the APWG Report included the following:
- Phishing Sites: In 2Q 2020, the number of phishing sites detected was 146,994. This total represented an 11 percent decrease from the 165,772 sites detected in 1Q 2020.
- Most Targeted Industry Sectors: Software as a Service (SaaS) and webmail sites were most frequently targeted (34.7 percent of all attacks). Financial institution sites accounted for 18.0 percent, payment sites 11.8 percent, and social media 10.8 percent of all attacks.
- Business Email Compromise (BEC) Attacks: The average wire transfer loss from BEC attacks is increasing. The average wire transfer attempt in 2Q 2020 was $80,183 – a 48.4 percent increase from the average attempt of $54,000 in 1Q 2020. In addition, 34 percent of BEC attacks in 2Q 2020 were sent from email accounts hosted on domains registered by scammers. More than three quarters (76 percent) of those domains were registered at just five domain registrars: Namecheap (25 percent), Google (20 percent), Public Domain Registry (17 percent), NameSilo (7 percent), and Tucows (7 percent). The Report also stated that one documented Russian BEC operation, which “attacks large multinational organizations, many of which are Fortune 500 and Global 2000 companies,” has sought an average of $1.27 million when it targets companies.
- Phishing Attacks in Brazil: Although the banking and financial sector “is still the primary target of phishing attacks in Brazil,” the Report noted that there were 9,572 unique phishing cases in Brazil in 2Q 2020 (a decrease from 10,910 unique phishing cases in 1Q 2020), and that a decrease in cases of digital fraud in June 2020 was most evident in the banking and financial sector.
- Phishing Sites’ Use of HTTPS: Since 2016, according to APWG data, there has been a fairly consistent and substantial increase in the number of phishing sites that use the HTTPS encryption protocol. In 2Q 2020, the percentage of phishing sites using Secure Sockets Layer/Transport Layer Security certificates increased slightly to 77.6 percent (compared to 74 percent in 1Q 2020).
Note: This latest APWG Report points up a number of troublesome phishing trends, notably the increase in the average BEC wire transfer losses and the increase in phishers’ use of HTTPS to enhance the credibility of their sites. Information security officers should read this Report and share it with their information security teams.