APWG Q3 Report: Phishers Target Victims in New, Intrusive and Menacing Ways
December 2024 by APWG
The APWG’s new Phishing Activity Trends Report reveals that scammers are approaching potential victims in very direct, often menacing ways, as growing numbers of fraudsters and extortionists personalize attacks to include photos of potential victims’ homes, while others use text messages and phone calls to make personal contact.
John Wilson, Senior Fellow, Threat Research at APWG contributing member Fortra, describes a new extortion technique that surfaced recently. "Previous extortion messages tended to be generic. We now see bad actors customizing their threats. Attack emails we began to see late in Q3 included the recipient’s phone number and home address as part of the lure. Many of these messages even contained a Google Street View image of the intended victim’s home."
Online extortion is a scam in which the extortionist claims to have embarrassing information about the victim and demands money to prevent its distribution. While extortion scams have existed for years, the we-know-where-you-live angle is a disturbing new tactic that makes the threat more vivid.
Matthew Harris, Senior Product Manager, Fraud at APWG contributing member OpSec, says that in Q3 the company detected a strong volume increase in two phishing techniques. One is vishing: voice phishing, where criminals use phone calls to steal personal information from victims. "Vishing incidents in Q3 increased more than 28 percent over Q2 volumes," Harris says.
These phone-based methods are more immediate, and allow fraudsters to talk victims out of their sensitive information. The other technique is smishing: phishing advertised via SMS and text messages. "Smishing increased more than 22 percent in the third quarter of 2024," Harris says.
These phone-based methods are more immediate, and allow fraudsters to talk victims out of their sensitive information. - Matt Harris, OpSec
In the third quarter of 2024, APWG observed 932,923 phishing attacks, up from 877,536 in the second quarter. The number of phish reported to APWG has held steady since June 2023, varying between 290,000 and 370,000 attacks per month. APWG data curators note that email providers have been making it increasingly difficult for users to forward phishing to APWG and to other anti-abuse organizations and law enforcement authorities.
When fraudsters use email, they prefer to use free email services. Fortra found that 70 percent of Business Email Compromise (BEC) attacks in Q3 2024 were launched using a free webmail domain. (The remainder were deployed using a combination of maliciously registered domains and compromised email accounts.)
Google’s Gmail was by far the most popular free webmail provider for BEC scammers, used for 83.1 percent of the free webmail accounts that scammers set up for BEC scams in Q3 2024.
Fraudsters acquired the domain names that they used to run their BEC attacks at the following domain name registrars:
John Wilson of Fortra also noted: "Fortra observed a significant increase in the percentage of malware-laden messages reaching end-user inboxes in Q3 2024, with 12.3 percent of threat messages directing the recipient to a malicious payload. The most common malware family observed by Fortra was the Remcos RAT."