Phishing attacks continued to rise into the summer of 2019 with cybercrime gangs’ focus on branded webmail and SaaS providers remaining very keen, according to the APWG report. The report also documents how criminals are increasingly perpetrating business email compromise (BEC) attacks by using gift card cash-out schemes.
The number of phishing attacks observed in the second quarter of 2019 eclipsed the number seen in the three quarters before. The total number of phishing sites detected in April through June 2019 was 182,465. This topped the 180,768 seen in 1Q2019, and was up notably from the 138,328 seen in the fourth quarter of 2018.
SaaS and branded Webmail providers were counted as the most targeted sector with 36 percent of all phishing attacks recorded targeting its constituents’ brands, according to APWG member MarkMonitor.
The report also demonstrates why employees should beware of requests for gift cards and payroll account change requests at the workplace.
APWG member Agari tracked BEC attacks across the quarter, watching gangs use targeted spear phishing to trick victims into sending funds or sensitive information to the criminal, often impersonating a trusted colleague or supervisor directing the employee to send out a gift card for a favored customer or an employee.
Gift cards were requested in 65 percent of BEC attacks during the second quarter of 2019. About 20 percent of attacks requested payroll diversions, and 15 percent requested direct bank transfers.
BEC attacks may be driving other kinds of phishing attacks. SaaS and webmail sites remained the biggest targets of phishing. Phishers harvest credentials to those kinds of sites to then perpetrate effective BEC attacks and to penetrate corporate accounts. Helpnet Security has the story: