According to the APWG’s new Phishing Activity Trends Report,
phishing attacks spiked in March and April 2018. The total number of
phish detected in 2Q 2018 was down slightly from 1Q 2018, but remained
far higher during the quarter than the rates seen during the same period
in 2017.
The phishing attacks in the second quarter of 2018 increasingly targeted
software-as-a-service (SAAS) and webmail providers. Attacks against such
providers amounted to 21 percent of all phishing attacks. Phishers
target users of these services to coopt their services to send spam,
steal the account data of additional users, and access business secrets.
Phishers also continued to attack payment processors and banks and their
customers which suffered 52 percent of all phishing attacks.
In other news, APWG member Axur described how cybercriminals in Brazil
steal credentials and use them to buy real-world products such as
electronics, which they then re-sell. Axur also observed that the number
of phishing attacks against Brazilian e-commerce sites fell 53 percent
from April to June. “We believe that this spike in April has a direct
connection to the FIFA World Cup event. In April, many criminals were
doing phishing by offering TVs priced much lower than those in official
stores,” said Eduardo Schultze, CSIRT Coordinator at Axur.
The full text of the report is available here:
http://docs.apwg.org/reports/apwg_trends_report_q2_2018.pdf
About the APWG
Founded in 2003, the Anti-Phishing Working Group, (APWG) is the global
industry, law enforcement, and government coalition focused on unifying
the global response to electronic crime. Membership is open to qualified
financial institutions, online retailers, ISPs and telcos, the law
enforcement community, solutions providers, multi-lateral treaty
organizations, research centers, trade associations and government
agencies. There are more than 2,200 companies, government agencies and
NGOs participating in the APWG worldwide. The APWG's <www.apwg.org>
and <apwg.eu>
and <education.apwg.org>
websites offer the public, industry and government agencies practical
information about phishing and electronically mediated fraud as well as
pointers to pragmatic technical solutions that provide immediate
protection. The APWG is co-founder and co-manager of the STOP. THINK.
CONNECT. Messaging Convention, the global online safety public awareness
collaborative <https://education.apwg.org/safety-messaging-convention/>
and founder/curator of the eCrime Researchers Summit, the world’s only
peer-reviewed conference dedicated specifically to electronic crime
studies <www.ecrimeresearch.org>.
APWG advises hemispheric and global trade groups and multilateral treaty
organizations such as the European Commission, the G8 High Technology
Crime Subgroup, Council of Europe's Convention on Cybercrime, United
Nations Office of Drugs and Crime, Organization for Security and
Cooperation in Europe, Europol EC3 and the Organization of American
States. APWG is a member of the steering group of the Commonwealth
Cybercrime Initiative at the Commonwealth of Nations. Among APWG's
corporate sponsors are: Among APWG's corporate sponsors are: AhnLab,
AnchorFree, AT&T (T), Afilias, Avast!, AVG Technologies, BBN
Technologies, Barracuda Networks, BillMeLater, Booz Allen Hamilton, Blue
Coat, BrandMail, BrandProtect, Bsecure Technologies, CSC Digital Brand
Services, Check Point Software Technologies, Claro, Comcast,
CSIRTBANELCO, Cyxtera, Cyber Defender, DigiCert, Domain Tools,
Donuts.co, Easy Solutions, eBay/PayPal (EBAY), eCert, EC Cert, ESET, EST
Soft, Facebook, Forcepoint, Fortinet, FraudWatch International,
F-Secure, GlobalSign, GoDaddy, Google, GroupIB, Hauri, Hitachi Systems,
Ltd., Huawei Symantec, ICANN, Iconix, Infoblox (BLOX), IronPort, ING
Bank, Intuit, Internet.bs, IT Matrix, iThreat Cyber Group, Kindsight,
LaCaixa, Lenos Software, LINE, Lookingglass, MailChannels, MailChimp,
MailShell, MarkMonitor, M86Security, McAfee (MFE), Melbourne IT,
MessageLevel, Microsoft (MSFT), MicroWorld, Mimecast, Mirapoint, NHN,
MyPW, nProtect Online Security, Netcraft, Network Solutions, NeuStar,
Nominet, Nominum, Public Interest Registry, Panda Software, Phishlabs,
Phishme.com, Phorm, Planty.net, Prevx, Proofpoint, QinetiQ, Return Path,
RSA Security (EMC), RuleSpace, SalesForce, SecureBrain, SecureITLab,
S21sec, SIDN, SiteLock, SoftForum, SoftLayer, SoftSecurity, SOPHOS,
SunTrust, SurfControl, Symantec (SYMC), Tagged, TDS Telecom, Telefonica
(TEF), TransCreditBank, Trend Micro (TMIC), Trustwave, Vasco (VDSI),
VeriSign (VRSN), Wombat Security Technologies, and zvelo.
View source version on businesswire.com: https://www.businesswire.com/news/home/20181017005979/en/