News
APWG REPORT: 2016 Exceeds All Records in Numbers of Phishing Attacks
February 2017 by APWG
The Anti-Phishing Working Group (APWG) observed that
2016 ended as the worst year for phishing in history. According to the
APWG’s new Phishing Activity Trends Report, the total number of phishing
attacks in 2016 was 1,220,523. This number represents the highest ever
recorded, and fully a 65 percent increase over 2015.
© YAKOBCHUK VASYL
The end of 2016 was also an opportunity to reflect how phishing has
grown over the years. In the fourth quarter of 2004, the APWG saw 1,609
phishing attacks per month. In the fourth quarter of 2016, the APWG saw
an average of 92,564 phishing attacks per month — an increase of 5,753
percent over 12 years. The growth in phishing attacks over the past ten
years has generally increased each year, indicating a consistent trend.
Forthcoming APWG reports will provide additional dimensions of data for
more analysis.
“Phishing is an attack that relies primarily on fooling people, rather
than highly sophisticated technical implementations,” said APWG Senior
Research Fellow and iThreat VP Greg Aaron. “For that reason, phishing
remains both popular and effective. Also, the APWG’s numbers for 2106
just measure broad-based attacks against consumer brands. The numbers
don’t attempt to catalog spear-phishing, which is highly targeted
phishing that targets only a few specific people within a company.
Truly, phishing is more pervasive and harmful than at any point in the
past.”
The new report also brings new insights from APWG’s contributing members
across the globe, a feature that will continue to appear in Phishing
Activity Trends Reports going forward.
Axur, a Brazilian company that concentrates on protecting companies and
their users in Brazil, found that fraudsters in Brazil are using both
traditional phishing and social media to defraud Internet users. They
are also using technical tricks to make it harder for responders to stop
theses scams and filter them before they reach end users. “Criminals are
re-inventing themselves all the time,” said Fabio Ramos, CEO of Axur.
“We’ve seen a decrease in the numbers of regular phishing attacks - and
an increase in other methods of fraud, such as malware fake services
advertised through social media platforms.”
APWG member RiskIQ examined how phishing victims are fooled by phishers
– not by the address in the browser bar, but by hyperlinks (which must
be hovered over to even see the destination domain), URL shorteners,
which mask the destination domain, or brand names inserted elsewhere in
the URL.
“A relatively low percentage of phishing websites targeting a brand
attempt to spoof that brand in the domain name—whether at the
second-level or in the fully-qualified domain name,” says Jonathan
Matkowsky, VP for intellectual property & brand security at RiskIQ. This
is evidence that phishers do not need to use deceptive domains names to
fool Internet users into visiting their sites.
The full text of the report is available here:
http://docs.apwg.org/reports/apwg_trends_report_q4_2016.pdf
