The Anti-Phishing Working Group has published its Q1, 2018 Phishing Activity Trends Report. The report reveals there was considerable increase in unique phishing websites detected in the first few months of 2018 versus the last quarter of 2017.
In Q1, 263,538 unique phishing websites were discovered – a 46% rise from the 180,577 unique websites discovered in quarter 4 of 2017 and a 38% rise from the 190,942 websites seen in quarter 3 of 2017. In January 2018, there were 60,887 unique phishing websites discovered which was the same level as December 2017; however, there was a considerable increase in February (88,754) and another major increase in March (113,897).
The quantity of unique phishing campaigns recorded by APWG customers remained generally the same in January (89,250) and February (89,010) with a little drop in March (84,444). 235 brands were spoofed in January, increasing to 273 in February, and dropping to 238 in March.
APWG member MarkMonitor provided data on phishing campaigns by industry and identified the most attacked sectors. Online payment services topped the list in Q1 of 2018, with 39% of all phishing attacks. Attacks on SAAS and webmail providers accounted for 18.7% of the total, then financial institutions (14.2%) and file hosting and cloud storage service providers with 11.3%.
As organizations have shifted to HTTPS websites, phishers have responded. Each quarter has seen a considerable increase in the number of phishing websites that use HTTPS and secure the connection between the website and the browser. APWG member PhishLabs has been tracking the use of HTTPS on phishing websites and its numbers show a third of all phishing websites were on HTTPS infrastructure in Q1 2018 compared to only 10.5% in Q1 2017.
It is a common misconception that a site starting with HTTPS signifies the website is reputable, when that may not be the case. It just indicates that the connection between the browser and the website is secured. If the website is owned or operated by a phisher, or if a reputable web site has been hijacked, any data entered could be obtained by cybercriminals. Phishers are now increasingly registering their own domains and are obtaining free SSL certificates to make their websites appear more reputable.
RiskIQ data shows phishing URLs utilized by phishers closely matches TLD market share, with .com’s as the most commonly used TLDs. 6,608 of the 13,594 unique domains were utilized in phishing attacks in Q1 of 2018 were .coms. Those domains were broadly distributed among various domain registrars.
Brazilian cybersecurity company Axur provided a list of internet-based attacks on individuals and firms in Brazil. The company’s data reveal scam sites were the top threat and were responsible for 9,061 of the 17,065 attacks in quarter 1 2018. They were followed by social media scams (4,209), mobile app scams (1,840) and phishing scams (1,816). 350 redirection URLs were found that directed visitors to exploit kits and phishing websites and 257 URLs were being utilized to deliver malware.