According to the APWG’s new Phishing Activity Trends Report, the number of phishing attacks in 2016 was the highest ever recorded, at 1,220,523, an increase of 65% compared to the previous year.
APWG’s final report of 2016 also took the opportunity to reflect on how phishing has grown over the years. In the fourth quarter of 2004, the APWG saw 1,609 phishing attacks per month. In the fourth quarter of 2016, an average of 92,564 phishing attacks per month was registered, an increase of 5,753% over 12 years. Overall, the number of phishing attacks has grown each year over the past ten years, a consistent trend.
“Phishing is an attack that relies primarily on fooling people, rather than highly sophisticated technical implementations,” said APWG Senior Research Fellow and iThreat VP Greg Aaron. “For that reason, phishing remains both popular and effective. Also, the APWG’s numbers for 2016 just measure broad-based attacks against consumer brands. The numbers don’t attempt to catalogue spear-phishing, which is highly targeted phishing that targets only a few specific people within a company. Truly, phishing is more pervasive and harmful than at any point in the past.”
The new report also brings new insights from APWG’s contributing members across the globe, a feature that will continue to appear in Phishing Activity Trends Reports going forward.
For instance, Axur, a Brazilian company that concentrates on protecting companies and their users in Brazil, found that fraudsters in Brazil are using both traditional phishing and social media to defraud Internet users.
They are also using technical tricks to make it harder for responders to stop these scams and filter them before they reach end users.
“Criminals are re-inventing themselves all the time,” said Fabio Ramos, CEO of Axur. “We’ve seen a decrease in the numbers of regular phishing attacks - and an increase in other methods of fraud, such as malware fake services advertised through social media platforms.”
In addition, some of the fraud sites that Axur found used “IP filters”: the fraudsters only serve the fraud site to visitors coming from IP addresses inside Brazil, and block everyone else. The goal is to make it harder for response teams at hosting providers outside of Brazil to view the active fraud, so they cannot confirm the problem and take it down. Sometimes the fraudsters also block the IP addresses of the targeted company (a bank, for instance), so the company’s security team will see the fraud site as down unless they access it from an IP address that does not belong to the company. Axur observed this IP filtering technique in 29% of phishing attacks, and occasionally in malware attacks and in attacks using redirection techniques.
Furthermore, APWG member RiskIQ examined how phishing victims are fooled by phishers: not by the address in the browser bar, but by hyperlinks (whose destination domain is only visible when hovered over), by URL shorteners that mask the destination domain, or by brand names inserted elsewhere in the URL.
“A relatively low percentage of phishing websites targeting a brand attempt to spoof that brand in the domain name—whether at the second-level or in the fully-qualified domain name,” says Jonathan Matkowsky, VP for intellectual property & brand security at RiskIQ. This is evidence that phishers do not need to use deceptive domain names to fool Internet users into visiting their sites.
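The RiskIQ finding above is easy to operationalise for brand-protection triage: rather than only checking whether a protected brand appears in the registrable domain, a URL classifier should also flag the brand name in a subdomain, path or query string, and flag shortener hosts that hide the destination. The following is an added illustration written for this article, not code from APWG, RiskIQ or Axur; the brand names, shortener list and public-suffix shortcut are constructed assumptions, and a real deployment would use the Public Suffix List and its own brand inventory.

```python
from urllib.parse import urlparse

# Constructed for this example: brands a responder protects and a few
# shortener hosts (assumption: illustrative values, not a maintained list).
BRANDS = ["examplebank", "acmepay"]
SHORTENERS = {"bit.ly", "t.co", "tinyurl.com", "goo.gl"}
# Public suffixes under which the registrable domain has three labels.
# Assumption: a short stand-in for the Public Suffix List.
TWO_LABEL_SUFFIXES = {"com.br", "co.uk", "com.au"}


def registrable_domain(host: str) -> str:
    """Return the registrable domain, e.g. 'foo.com.br' for 'login.foo.com.br'."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def classify_url(url: str, brands=BRANDS) -> dict:
    """Report where a protected brand name appears in a URL and whether the
    host is a shortener. 'brand_in_domain' is the classic spoofed-domain case;
    the other flags cover brand names placed elsewhere in the URL."""
    parsed = urlparse(url if "://" in url else "http://" + url)
    host = (parsed.hostname or "").lower()
    reg_dom = registrable_domain(host)
    # Everything left of the registrable domain is the subdomain part.
    subdomain = host[: -len(reg_dom)].rstrip(".") if host.endswith(reg_dom) else ""
    # Path, query and fragment are where brands are often inserted as bait.
    rest = (parsed.path + "?" + parsed.query + "#" + parsed.fragment).lower()
    result = {
        "registrable_domain": reg_dom,
        "brand_in_domain": any(b in reg_dom for b in brands),
        "brand_in_subdomain": any(b in subdomain for b in brands),
        "brand_in_path_or_query": any(b in rest for b in brands),
        "is_shortener": reg_dom in SHORTENERS,
    }
    # Deceptive without spoofing the domain: the case RiskIQ describes.
    result["deceptive_without_domain_spoof"] = not result["brand_in_domain"] and (
        result["brand_in_subdomain"]
        or result["brand_in_path_or_query"]
        or result["is_shortener"]
    )
    return result
```

Running `classify_url` over constructed URLs such as `https://examplebank.secure-login.com.br/` or `http://cdn.hosting.net/examplebank/login` shows the brand present while `brand_in_domain` stays false, which is exactly the pattern a domain-only monitor misses.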
For more details, please read the full report.