Phishing attacks are not going away.
They remained a steady tactic used by cybercriminals throughout the first half of 2017, according to the Phishing Activity Trends Report recently released by the Anti-Phishing Working Group (APWG), an international coalition of industry, government, law enforcement and nongovernmental organizations.
In phishing attacks, scammers use fraudulent websites and false emails. Perpetrators attempt to steal personal data, most commonly passwords and credit card information.
The number of unique phishing email campaigns averaged around 98,000 per month in the first half of 2017, with a spike of 121,000 in March. The spike may have been tied to an upswing in the W-2 email phishing scam that the IRS warned about in February. The APWG report contained a number of interesting insights on phishing activity so far this year.
Those launching phishing attacks continued a years-long trend of focusing on only a few hundred companies at a time. This limited scope reflects the additional time and money needed to carry out a successful phishing attack.
Organizations in the bullseye are attacked on a regular basis, anywhere from every few weeks to every day, with a small group of firms being targeted more intermittently.
The Industries Targeted Most by Phishing
Among industries targeted by phishing cybercriminals, the payment industry was in the crosshairs 45 percent of the time, with the financial industry and Software as a Service/webmail industry filling out the top three at 16 percent and 15 percent, respectively.
This is a big upsurge in focus on the payment industry, which accounted for only 11 percent of phishing attacks in the fourth quarter of 2016, according to an earlier APWG report.
Attackers are increasingly using free hosting providers as one of the resources to build their campaigns, notes APWG contributor Crane Hassold, manager of threat intelligence for PhishLabs.
“These free hosts are not only easy and cheap to use, but they also allow threat actors to create subdomains spoofing a targeted brand, resulting in a more legitimate-looking phishing site,” Hassold says in the APWG report.
While the total number of free hosting-based attacks increased from 1,323 in January to 1,939 in June, the use of free hosting services continued to trend at about 10 percent of the total number of attacks each month.
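One way a defender can screen observed hostnames for the brand-spoofing subdomains Hassold describes is sketched below. It is an added example, not code from the APWG report or PhishLabs. The hosting suffixes, the brand name and the look-alike digit mapping are constructed assumptions; replace them with your own watchlists.

```python
import re

# Constructed placeholders (assumptions): not real hosting providers or brands.
FREE_HOST_SUFFIXES = {"freehost.example", "sites.example.net"}
PROTECTED_BRANDS = {"examplebank"}

# Assumed mapping of digits commonly substituted for letters: 0->o, 1->l, 3->e, 5->s.
LOOKALIKES = str.maketrans("0135", "oles")


def normalize(text):
    """Lower-case, drop separators such as '-' and '.', and undo digit swaps."""
    return re.sub(r"[^a-z0-9]", "", text.lower()).translate(LOOKALIKES)


def split_free_host(hostname):
    """Return (subdomain, suffix) if hostname sits under a listed free host."""
    host = hostname.lower().rstrip(".")
    for suffix in FREE_HOST_SUFFIXES:
        if host.endswith("." + suffix):
            return host[: -len(suffix) - 1], suffix
    return None


def spoofed_brands(hostname):
    """List protected brands that appear in the attacker-chosen subdomain."""
    parts = split_free_host(hostname)
    if parts is None:
        # Not on a listed free host: out of scope for this check.
        return []
    subdomain = normalize(parts[0])
    return sorted(b for b in PROTECTED_BRANDS if normalize(b) in subdomain)


if __name__ == "__main__":
    # Constructed sample hostnames, e.g. taken from proxy or DNS logs.
    samples = [
        "examplebank-login.freehost.example",
        "Examp1e-Bank.secure.sites.example.net.",
        "gardening-tips.freehost.example",
        "www.examplebank.com",
    ]
    for name in samples:
        hits = spoofed_brands(name)
        print(f"{name}: {'FLAG ' + ','.join(hits) if hits else 'ok'}")
```

Substring matching will also flag legitimate customer sites that mention a brand, so treat hits as candidates for analyst review rather than automatic blocks.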
APWG contributor Axur, a digital risk monitoring company located in Brazil, notes the heavy use of social media platforms such as Facebook, Instagram, LinkedIn and YouTube as phishing attack vectors in South America. Many of these attacks involve users being served up fake login pages that collect username and password information. These platforms accounted for about 39 percent of all phishing attacks among Latin American countries in the second quarter of 2017.