Phishing Attacks Up, Especially Against SaaS And Webmail Services


Phishing attacks continued to rise into the summer of 2019 with cybercrime gangs’ focus on branded webmail and SaaS providers remaining very keen, according to the APWG report. The report also documents how criminals are increasingly perpetrating business email compromise (BEC) attacks by using gift card cash-out schemes.

The number of phishing attacks observed in the second quarter of 2019 eclipsed the number seen in the three quarters before. The total number of phishing sites detected in April through June 2019 was 182,465. This topped the 180,768 seen in 1Q2019, and was up notably from the 138,328 seen in the fourth quarter of 2018.

SaaS and branded Webmail providers were counted as the most targeted sector with 36 percent of all phishing attacks recorded targeting its constituents’ brands, according to APWG member MarkMonitor.

The report also demonstrates why employees should beware of requests for gift cards and payroll account change requests at the workplace.

APWG member Agari tracked BEC attacks across the quarter, watching gangs use targeted spear phishing to trick victims into sending funds or sensitive information to the criminal, often impersonating a trusted colleague or supervisor directing the employee to send out a gift card for a favored customer or an employee.

Gift cards were requested in 65 percent of BEC attacks during the second quarter of 2019. About 20 percent of attacks requested payroll diversions, and 15 percent requested direct bank transfers.

BEC attacks may be driving other kinds of phishing attacks. SaaS and webmail sites remained the biggest targets of phishing. Phishers harvest credentials to those kinds of sites to then perpetrate effective BEC attacks and to penetrate corporate accounts. Helpnet Security has the story:

Free Phish Alert Button

Do your users know what to do when they receive a phishing email? KnowBe4's Phish Alert Button gives your users a safe way to forward email threats to the security team for analysis and deletes the email from the user's inbox to prevent future exposure. All with just one click! Phish Alert benefits: 

home-KnowBe4-Phish-Alert-2Here's how it works:

  • Reinforces your organization’s security culture
  • Users can report suspicious emails with just one click
  • Incident Response gets early phishing alerts from users, creating a network of “sensors”
  • Email is deleted from the user's inbox to prevent future exposure
  • Easy deployment via MSI file for Outlook, G Suite deployment for Gmail (Chrome)

Get Your Phish Alert Button

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

Topics: Phishing

Subscribe To Our Blog

Ransomware Hostage Rescue Manual

Get the latest about social engineering

Subscribe to CyberheistNews