APWG Report: Phishing Attacks Rise in the Third Quarter of 2020

November 2020 by APWG

The APWG’s new Phishing Activity
Trends Report reveals a rise in reported phishing since March of 2020.
In August and September of 2020, the APWG logged 200,000 phishing sites
per month — with more than 500 separate brands attacked by phishers each
month in the quarter.

APWG contributor OpSec Security found that phishing that targeted
webmail and Software-as-a-Service (SaaS) users continued to be the
biggest category of phishing, with 31.4 percent of all attacks. Banks
and other financial institutions were the targets of 19.2 percent of
attacks, and payment processing systems such as PayPal and Square were
targets for 13.4 percent of attacks. Phishing against the social media
sector was 12.6 percent of attacks, primarily driven by attacks against
Facebook and WhatsApp. APWG member Axur also noted that phishing in
Brazil continues to trend upward, primarily attacking e-commerce and
webmail services.

APWG contributor Agari continued to track "business email compromise"
(BEC) attacks that focus on key personnel within targeted enterprises,
one of the most damaging types of Internet crimes. BEC attacks that
sought wire transfers from victim companies asked for an average of
$48,000. Agari also found that in 71 percent of BEC attacks, scammers
requested funds in the form of gift cards, which are easier to cash out.
During the third quarter of 2020, the average amount of gift cards
requested by BEC attackers was $1,205.

Agari’s research in the quarter revealed that about 16.3 percent of BEC
attacks involved domain names registered by the scammers, domains that
they used to send email to their intended victims. Most of these were
registered at just five registrars: Namecheap, Public Domain Registry,
Google, Tucows and NameSilo.

Phishers are also deploying encryption to fool users into thinking that
phishing sites are legitimate and safe. APWG contributor PhishLabs found
that in the third quarter of 2020, 80 percent of phishing sites had SSL
encryption enabled. Encryption is deployed on phishing sites more often
than on regular web sites: SSL is currently found on only 66.8 percent
of all web sites across the Internet.

"Now, 80 percent of phishing sites have SSL encryption enabled - which
surprisingly is even higher than web sites in general," said John
LaCour, CTO of PhishLabs. (According to a Q-Source survey, as of October
2020, only 66.8 percent of web sites used SSL by default.)

"Not surprisingly, most SSL certificates used by phishers were
Domain-Validated (’DV’), which is the weakest form of certificate
validation," said LaCour. PhishLabs looked at 53,189 certificates used
on phishing sites, and found that 91.3 percent were DV, while 8.6
percent were OV (Organization Validation) certs, and just 0.1 percent were
Extended Validation (EV).

Finally, separate studies developed by RiskIQ and Interisle
Consulting Group analyzed the use of domain names for phishing. They
reveal that phishers continue to obtain domain names predominantly from
certain registrars and in certain top-level domains, and the latter
study found that phishers themselves registered about 60 percent of the
domain names on which phishing occurs.

The full text of the report is available here:
http://docs.apwg.org/reports/apwg_trends_report_q3_2020.pdf

