phishing-attackThe Anti-Phishing Working Group (APWG) has been active for more than a decade now to unify the global response to electronic crime and the group just published its new Q3 2013 Phishing Activity Trends Report last week. In general, the APWG measures the evolution, proliferation, and propagation of crimeware by drawing from the research of their member companies.

‘Phishing’, by the way, is a criminal mechanism employing both social engineering and technical fraud to steal consumers’ personal identity data and financial account credentials. Interestingly, the number of phishing campaigns increased by more than 20% in the third quarter of 2013, with crimeware attacks evolving and proliferating, according to several established APWG metrics. The increase is largely attributable to rising numbers of attacks against money-transfer and retail/e-commerce websites. In fact, the number of phishing sites actually jumped almost 30% from 38,110 in June 2013 to 49,480 the following month, and stayed at the highest rate through the third quarter.


The APWG updated its database of phishing signatures recently as well, allowing them to better examine incoming email reports from consumers. However, this revision didn’t notably affect the number of confirmed phishing sites found, but validate a higher number of incoming reports than in previous quarters.

During the same period, there was an 8% decline in the number of brands pursued by phishers, as the number of brands targeted fell from an all-time high of 441 in April 2013 to 379 in September 2013.


The most targeted industry sectors have been payment and financial services, while gaming has experienced the most drastic change, dropping from 5.66% in Q1 to 0.84% in Q3 2013.

The United States continued to be the top country hosting phishing sites during the Q3 of 2013, which is most probably due to the fact that a large percentage of the world’s websites and domain names are hosted there.


But let’s take a look at crimeware now, which APWG defines as “code designed with the intent of collecting information on the end user in order to steal the user’s credentials. Unlike most generic keyloggers, phishing-based keyloggers have tracking components, which attempt to monitor specific actions – and specific organizations, such as financial institutions, retailers, and e-commerce merchants –in order to target specific information. The most common types of information are access to financial-based websites, e-commerce and web-based mail sites.

Malware creation hit a new record high in Q3 2013, as APWG member PandaLabs revealed. According to their observation, Trojans remained the most popular form of malware, accounting for 76.85% of all new samples identified, making it still the most popular weapon of choice for malware writers. Most probably this explains the record number of new malware strains detected in Q3 2013.

PandaLabs revealed further that 31.88% of computers worldwide appeared to be infected with some sort of malware or adware/spyware: actually more than 59% of computers seem to be infected with malware in China - a record high for any country - followed by Turkey (46.58 %) and Peru (42.55%), and several other Latin American countries. Interestingly, Europe continued to have the lowest infection rates.


Last but not least, noteworthy is the fact that 42% of domains used for phishing were .COM names, down from 44% in the previous quarter and that attack vectors continued to evolve, placing social media at forefront of crimeware’s vanguard in the quarter.

“In the 3rd quarter of 2013, we also saw a change in the phishing themes used by malware authors. An emphasis on social media-themed subjects, such as ‘Invitation to connect on LinkedIn’, was used to entice users who would be used to seeing such subjects,” said APWG contributor Carl Leonard of Websense Security Labs.

There are more than 2,000 companies, government agencies and NGOs participating in the APWG worldwide by now that work together to offer practical information about phishing and electronically mediated fraud as well as pointers to pragmatic technical solutions that provide immediate protection.

If you want to support the group, membership is open to qualified financial institutions, online retailers, ISPs and Telcos, the law enforcement community, solutions providers, multi-lateral treaty organizations, research centers, trade associations and government agencies.

The APWG is co-founder and co-manager of the Stop. Think. Connect. Messaging Convention and curator of the eCrime Researchers Summit, the world’s only peer-reviewed conference, dedicated specifically to electronic crime studies.

By Daniela La Marca