Phishers increasingly target consumers’ banks and ISP accounts
Cambridge, MA, April 2 – The APWG reports in its new Phishing Activity Trends Report that phishing against banks and ISPs rose markedly compared to other sectors in the third quarter of 2014. The number of brands being attacked remains high, and malware variants continue to proliferate at a record rate of increase.
Attacks against financial institutions rose from 20.2 percent of all phishing attacks in the second quarter to 27 percent of all phishing attacks in the third quarter. Attacks against ISPs also increased, from 8.4 percent to 13.1 percent of the total. Some phishers continue to focus deeply on consumers’ email accounts. This allows the criminals to send spam from those accounts and gain access to password change requests related to other online services that the consumers use, thereby allowing the attackers to access even more sensitive data.
A total of 549 brands were targeted by phishers in Q3, up from the 531 targeted in the second quarter of 2014. The types of industries targeted by cybercrime gangs continue to be increasingly heterogeneous. For example, some attacks have involved abuse of healthcare records, a typically high-quality data resource that opens up additional attack opportunities, just as ISP login data does.
“Healthcare records hold a treasure trove of data that is valuable to an attacker,” said Carl Leonard of Websense Security Labs, a contributor to the report. “That data can be used in a multitude of different follow-up attacks and fraud. In a break-in we observed, the method of entry was a phishing email purporting to be from the employees’ local IT team, asking the team members to log in to their corporate email system. The resulting webpage served to end users was a fraudulent login page under the control of the attackers.”
Crimeware mutations also continue to proliferate. According to Luis Corrons, PandaLabs Technical Director and Trends Report contributing analyst, the global infection rate was 37.93 percent, slightly up from past quarters. China is once again in pole position, with an infection rate of 49.83 percent. Seventy-five percent of malware infections fell into the Trojan category.
The full text of the report is available here: http://docs.apwg.org/reports/apwg_trends_report_q3_2014.pdf
The APWG, founded in 2003 as the Anti-Phishing Working Group, is the global industry, law enforcement, and government coalition focused on unifying the global response to electronic crime. Membership is open to qualified financial institutions, online retailers, ISPs and Telcos, the law enforcement community, solutions providers, multi-lateral treaty organizations, research centers, trade associations and government agencies. There are more than 2,000 companies, government agencies and NGOs participating in the APWG worldwide. The APWG's www.apwg.org, apwg.eu and education.apwg.org websites offer the public, industry and government agencies practical information about phishing and electronically mediated fraud as well as pointers to pragmatic technical solutions that provide immediate protection. The APWG is co-founder and co-manager of the STOP. THINK. CONNECT. Messaging Convention, the global online safety public awareness collaborative www.stopthinkconnect.org and founder/curator of the Symposium on Electronic Crime Research, the world’s only peer-reviewed conference dedicated specifically to electronic crime studies https://apwg.org/apwg-events/ecrime2015/.
Among APWG's corporate sponsors are: AT&T(T), Afilias Ltd., AhnLab, Area 1, Avast!, AVG Technologies, AXUR, BBN Technologies, Bangkok Bank, Barracuda Networks, Baidu Antivirus, BillMeLater, Bkav, Booz Allen Hamilton, Blue Coat, BrandMail, BrandProtect, Bsecure Technologies, CSC Digital Brand Services, Check Point Software Technologies, Comcast, CSIRTBANELCO, CyberIQ, Cyber Defender, Cyveillance, DigiCert, Domain Tools, DNS Belgium, Donuts.co, Easy Solutions, eBay/PayPal (EBAY), eCert, EC Cert, ESET, EST Soft, Facebook, FEDEX (FDX), Fortinet, FraudWatch International, F-Secure, GlobalSign, GoDaddy, Google, GroupIB, Hauri, Hitachi Systems, Ltd., Huawei, ICANN, Iconix, IID, IronPort, ING Bank, Intuit, Internet.bs, iZOOlogic, IT Matrix, LaCaixa, Lenos Software, MailShell, Malcovery, MarkMonitor, M86Security, McAfee (MFE), Melbourne IT, MessageLevel, Microsoft (MSFT), MicroWorld, Mirapoint, MX Tools, NHN, MyPW, nProtect Online Security, Netcraft, Network Solutions, NeuStar, Nominet, Nominum, Public Interest Registry, Panda Software, Phishlabs, Phishme.com, Phorm, Planty.net, Prevx, Procera, Proofpoint, Qihoo 360 Technology, Rakuten, Return Path, RSA Security (EMC), RuleSpace, SAIC (From Science to Solutions), SalesForce, SecureBrain, S21sec, SIDN, SilverPop, SiteLock, SoftForum, SoftLayer, SoftSecurity, SOPHOS, SunTrust, Square, Symantec (SYMC), Tagged, TDS Telecom, Telefonica (TEF), TransCreditBank, Trend Micro (TMIC), Trustwave, Vasco (VDSI), VeriSign (VRSN), Websense Inc. (WBSN), Wombat Security Technologies, Yahoo! (YHOO), and zvelo.