The latest report from the Anti-Phishing Working Group (APWG) highlights the prevalence of phishing and how it’s changing to remain an effective attack method.
Phishing is a core tactic in the cybercriminal’s arsenal. It’s the basis for the majority of social engineering, CEO fraud, and malware infection. In the spirit of keeping tabs on phishing, every quarter we review the latest details from APWG. Their just-released 3rd Quarter Phishing Activity Trends Report provides insight into the current state of phishing.
Some of the highlights this quarter include:
- Phishing Attacks Remain Constant – The number of unique phishing reports has remained relatively steady from Q2 to Q3.
- Phishing Focuses on the Money – Payment processing firms remained the most-targeted companies, followed by the banking sector.
- Encryption is on the Rise – The number of phishing attacks hosted on secure sites has continued the steady increase seen since 2015.
- Redirection is Key to Avoid Detection – Phishing attacks are using redirectors both before the phishing site landing page and after the submission of credentials, so that monitoring of the referrer field in web server logs does not detect them.
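The referrer-field monitoring mentioned in the last highlight, seen from the defender's side, as an added example (not taken from the APWG report or from this post): it tallies the external referrer hosts on requests for a watched landing page. The domain names, paths and log lines are constructed; in the sample, the visits that passed through a redirector show only the redirector's host, never the phishing page.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample lines in "combined" access-log format (not real traffic).
SAMPLE_LOG = """\
198.51.100.7 - - [01/Jan/2000:10:00:01 +0000] "GET /login HTTP/1.1" 200 5120 "https://www.example-bank.test/" "Mozilla/5.0"
198.51.100.8 - - [01/Jan/2000:10:00:05 +0000] "GET /login HTTP/1.1" 200 5120 "http://phish-host.test/secure/login.php" "Mozilla/5.0"
198.51.100.9 - - [01/Jan/2000:10:00:09 +0000] "GET /login?next=/ HTTP/1.1" 200 5120 "http://redirector.test/r?id=1" "Mozilla/5.0"
198.51.100.10 - - [01/Jan/2000:10:00:12 +0000] "GET /login HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.11 - - [01/Jan/2000:10:00:15 +0000] "GET /about HTTP/1.1" 200 900 "http://blog.test/post" "Mozilla/5.0"
198.51.100.12 - - [01/Jan/2000:10:00:20 +0000] "GET /login HTTP/1.1" 200 5120 "http://redirector.test/r?id=2" "Mozilla/5.0"
"""

OWN_DOMAINS = {"example-bank.test"}   # assumption: the monitored brand's domain
WATCHED_PATHS = {"/login"}            # assumption: pages a phishing kit sends victims to

# Request line, status, size, then the quoted Referer field.
LINE_RE = re.compile(
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" \d{3} \S+ "(?P<referer>[^"]*)"'
)

def is_own(host):
    """True for the brand's own domain and any of its subdomains."""
    return any(host == d or host.endswith("." + d) for d in OWN_DOMAINS)

def external_referrers(log_text):
    """Return (Counter of external referrer hosts, count of hits with no referrer)."""
    hosts, missing = Counter(), 0
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or urlsplit(m["path"]).path not in WATCHED_PATHS:
            continue
        referer = m["referer"]
        if referer in ("", "-"):
            missing += 1          # nothing to inspect: a gap in this kind of monitoring
            continue
        host = (urlsplit(referer).hostname or "").lower()
        if host and not is_own(host):
            hosts[host] += 1
    return hosts, missing

if __name__ == "__main__":
    hosts, missing = external_referrers(SAMPLE_LOG)
    for host, count in hosts.most_common():
        print(f"{count:3d}  {host}")
    print(f"{missing:3d}  (no referrer)")
```

Each reported host still needs review: the referrer identifies only the last visible hop, so the redirector entries here say nothing about the page behind them.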
The data collected by APWG provides some key insight on how organizations need to protect themselves:
- Expect phishing to continue – There are zero indications that phishing will decline at any point in the near future.
- Focus on the Phish – Before malware, ransomware, or social engineering can have an impact, the email needs to get to the Inbox, be opened, and have a malicious action taken first. So, your greatest protection is found in stopping the phishing from being successful.
- Take a Layered Approach – Put proactive security measures like endpoint protection, email and web scanning, and Security Awareness Training in place to both spot and stop phishing emails, so that they either never reach an Inbox or are never engaged with by a user.