KnowBe4 Security Awareness Training Blog

APWG Q3 Report: Phishing Attacks at Highest Level in Three Years

Written by Stu Sjouwerman | Nov 5, 2019 3:38:28 PM

According to the APWG’s new Phishing Activity Trends Report, the number of phishing attacks continued to rise into the autumn of 2019. The total number of phishing sites detected by APWG in July through September 2019 was 266,387.

This was up 46 percent from the 182,465 seen in the second quarter of 2019, and almost double the 138,328 seen in Q4 2018.

Total number of phishing sites detected by APWG in July through September 2019 was 266,387, up 46 percent from 182,465 in Q2 2019. More than 400 brands targeted by phishers in Q3 2019: https://docs.apwg.org/reports/apwg_trends_report_q3_2019.pdf

“This is the worst period for phishing that the APWG has seen in three years, since the fourth quarter of 2016,” said Greg Aaron, APWG Senior Research Fellow and President of Illumintel Inc.

In addition to the increase in phishing volume, the number of brands that were attacked by phishers in Q3 was also up notably. APWG contributor MarkMonitor saw attacks against more than 400 different brands (companies) per month in Q3, versus an average of 313 per month in Q2. Stefanie Wood Ellis, Anti-Fraud Product & Marketing Manager at MarkMonitor, noted: “The top targeted industries are largely consistent with previous quarters. Webmail and SaaS sites remained the biggest targets of phishing.”

Meanwhile, “Business e-mail compromise” or BEC scams remained highly damaging. These attacks target employees who have access to company finances or valued data assets, usually by sending them email from fake or compromised email accounts (a “spear phishing” attack).

According to APWG contributing member Agari, 40 percent of BEC attacks use a domain name registered by a scammer. These domains are often variations of a trusted, existing company name, meant to fool unwary victims. In the third quarter, attacks involving wire transfers from victims were for an average of $52,325.

Also in this quarter’s Trends report: APWG member RiskIQ analyses where phishers register domain names; APWG contributor Axur documents rising phishing levels in Brazil; and researchers at APWG member PhishLabs document the rising use of SSL certificates on phishing web sites. The full text of the Q3 2019 report is available here: https://docs.apwg.org/reports/apwg_trends_report_q3_2019.pdf

About the APWG

APWG, an international affairs organization focused on global suppression of common and advanced cybercrimes, was founded in 2003 as the Anti-Phishing Working Group. The global industry, law enforcement, and government coalition of more than 2,100 institutions is unifying the global response to electronic crime, curating one of the world’s largest NGO-managed clearinghouses of cybercrime event data, and enabling the sharing of these data to protect consumers, commercial enterprises and government ministries. The APWG's www.apwg.org and education.apwg.org websites offer the public, industry and government agencies practical information about phishing. APWG is co-founder and co-manager of the STOP. THINK. CONNECT. Messaging Convention, the global online safety public awareness collaborative and founder/curator of the eCrime Researchers Summit, the world’s first peer-reviewed conference dedicated specifically to electronic crime studies. KnowBe4 is an APWG corporate sponsor.