The latest APWG report came out: "Phishers are criminal, but they do make rational decisions about how to go about their work. They’re in it for the money, and they work to make their schemes as productive as possible while evading detection. To combat phishing we need to know what the phishers are doing, and how. Where is the phishing taking place? What companies are most vulnerable? Were the slew of new top-level domains a bonanza for phishers? By analyzing the phishing that took place in the first half of 2014, the authors have some answers, and those answers may surprise you."
- The major findings in this report include:
- Apple became the world’s most-phished brand.
- The introduction of new top-level domains did not have an immediate major impact on phishing.
- Chinese phishers were responsible for 85% of the domain names that were registered for phishing.
- Malicious domain and subdomain registrations continue at historically high levels, largely driven by Chinese phishers.
- The average uptimes of phishing attacks remain near historic lows, pointing to some success by anti-phishing responders.
- The companies (brands) targeted by phishing targets were diverse, with many new targets, indicating that e-criminals are looking for new opportunities in new places.
- Mass hackings of vulnerable shared hosting providers led to 20% of all phishing attacks.
Recommended reading! The PDF is at the apwr.org site:
http://docs.apwg.org/reports/APWG_Global_Phishing_Report_1H_2014.pdf