APWG Report: Phishers Shift Efforts to Attack SaaS and Webmail Services

According to the APWGs new Phishing Activity Trends Report, there was some good news and some bad news for the Internet-using public in early 2019. The good news is that the total number of conventional, spam-based phishing campaigns declined as 2018 came to a close, while the bad news is that users of software-as-a-service (SaaS) systems and webmail services are being increasingly targeted.

The number of confirmed phishing sites declined as 2018 proceeded. The total number of phishing sites detected by APWG in 4Q was 138,328 “ down from 151,014 in Q3, 233,040 in Q2, and 263,538 in Q1. This general decline in the number of phishing campaigns as the year went on may have been a consequence of anti-phishing efforts “ and/or the result of criminals shifting to more specialized and lucrative forms of e-crime than mass-market phishing.

There is growing concern that the decline may be due to under-detection. The detection and documentation of some phishing URLs has been complicated by phishers obfuscating phishing URLs with techniques such as Web-spider deflection schemes “ and by employing multiple redirects in spam-based phishing campaigns, which take users (and automated detectors) from an email lure through multiple URLs on multiple domains before depositing the potential victim at the actual phishing site. APWG contributing member MarkMonitor continues to monitor this trend.

Phishing that targeted SaaS and Webmail services jumped from 20.1 percent of all attacks in Q3 to almost 30 percent in Q4. Attacks against cloud storage and file hosting sites continued to drop, decreasing from 11.3 percent of all attacks in Q1 2018 to 4 percent in Q4 2018.

Researchers at APWG member PhishLabs observed that in the final quarter of 2018, the number of phishing attacks hosted on Web sites that have HTTPS and SSL certificates declined for the first time in history. Phishing sites using SSL decreased slightly in Q4 2018 compared with Q3 “ down 3 percent to about 47 percent, said John LaCour, Chief Technology Officer of PhishLabs. However, it remains true that nearly half of phishing sites use digital certificates to makes attacks look more legitimate and avoid browser warnings.

Also in this quarters Trends report: APWG contributor Axur documented how phishers in South America offered Black Friday deals to their fellow criminals; and APWG contributor RiskIQ analyzed where phishing falls in the domain name space.

The full text of the report is available here: http://docs.apwg.org/reports/apwg_trends_report_q4_2018.pdf

About the APWG

Founded in 2003, the Anti-Phishing Working Group, (APWG) is the global industry, law enforcement, and government coalition focused on unifying the global response to electronic crime. Membership is open to qualified financial institutions, online retailers, ISPs and Telcos, the law enforcement community, solutions providers, multilateral treaty organizations, research centers, trade associations and government agencies. There are more than 1,800 companies, government agencies and NGOs participating in the APWG worldwide. The APWG’s <www.apwg.org> and <education.apwg.org> websites offer the public, industry and government agencies practical information about phishing and electronically mediated fraud as well as pointers to pragmatic technical solutions that provide immediate protection. The APWG is co-founder and co-manager of the STOP. THINK. CONNECT. Messaging Convention, the global online safety public awareness collaborative <https://education.apwg.org/safety-messaging-convention/> and founder/curator of the eCrime Researchers Summit, the worlds only peer-reviewed conference dedicated specifically to electronic crime studies <www.ecrimeresearch.org>. APWG advises hemispheric and global trade groups and multilateral treaty organizations such as the European Commission, the G8 High Technology Crime Subgroup, Council of Europe’s Convention on Cybercrime, United Nations Office of Drugs and Crime, Organization for Security and Cooperation in Europe, Europol EC3 and the Organization of American States. APWG is a member of the steering group of the Commonwealth Cybercrime Initiative at the Commonwealth of Nations. Among APWG’s corporate sponsors are: AhnLab, Area 1, AT&T (T), Afilias Ltd., AnchorFree, Avast!, AVG Technologies, Axur, Baidu Antivirus, BANDURA Systems, Bangkok Bank, BBN Technologies, Barracuda Networks, BillMeLater, Bkav, Blue Coat, BrandMail, BrandProtect, Bsecure Technologies, CSC Digital Brand Services, Check Point Software Technologies, Claro, Cloudmark, Cofense, Comcast, CrowdStrike, CSIRTBANELCO, Cyxtera, Cyber Defender, CYREN, Cyveillance, DNS Belgium, DigiCert, Domain Tools, Donuts, Duo Security, Easy Solutions, PayPal, eCert, EC Cert, ESET, EST Soft, Facebook, FeelSafe Digital, FEBRABAN, Fortinet, FraudWatch International, F-Secure, GetResponse, GlobalSign, GoDaddy, Google, Hauri, Hitachi Systems, Ltd., Huawei, Hyas, ICANN, Identity Guard, Infoblox, IronPort (Cisco), Infoblox, Ingressum, Intel (INTC), Interac, IT Matrix, iThreat Cyber Group, iZOOlogic, Kaspersky Lab, KnowBe4, LaCaixa, Lenos Software, LINE, LookingGlass, MX Tools, MailChannels, MailJet, MailChimp, MailShell, MailUp, MarkMonitor (TRI), Microsoft (MSFT), MicroWorld, Mimecast, Mirapoint, NHN, NZRS, MyPW, nProtect Online Security, Netcraft, Network Solutions, NeuStar, Nominet, Nominum, NZRS Limited, PARENTHETIC, Public Interest Registry, Phishlabs, PhishMe, Planty.net, Prevalent, Prevx, Proofpoint, PSafe, RSA Security (EMC), Rakuten, RedMarlin, Return Path, RiskIQ, RuleSpace, SalesForce, SecureBrain, SegaSec, SendGrid, S21sec, SIDN, SilverPop, SiteLock, SnoopWall, SoftForum, SoftLayer, SoftSecurity, SOPHOS, SunTrust, SurfControl, Symantec (SYMC), TDS Telecom, Telefonica (TEF), ThreatSTOP, TransCreditBank, Trend Micro (TMIC), Trustwave, UITSEC, Vasco (VDSI), VADE-RETRO, VeriSign (VRSN), VILSOL, Webroot, Wombat Security Technologies, ZIX, and zvelo.

For further information about the APWG, please contact APWG Secretary
General Peter Cassidy at +1.617.669.1123, [email protected].
For media inquiries related to the company-content of this report,
please contact APWG Secretary General Peter Cassidy at +1.617.669.1123;
Stefanie Ellis at [email protected];
Fabricio Pessôa of Axur at +55.51.30122987, [email protected];
or Stacy Shelley of PhishLabs at 1.843.329.7824, [email protected].