It should come as no surprise that the most successful attack tactic is being used more in 2018. APWG’s latest report shows us the trends and what to expect for the remainder of 2018.
The Anti-Phishing Working Group (APWG) analyzes phishing attack data from industry partners, and reports on its findings quarterly. Their latest, released on July 31st, covers the phishing trends found in Q1 of 2018.
While APWG’s reports are probably a quarter behind in their timeliness, the data found remains valuable to demonstrate the trends we should continue to see throughout all of 2018.
The highlights of the report included:
- Over 11,000 phishing domains were created in Q1
- The total number of phishing sites increased 46% over Q4 2017
- The use of SSL certificates on phishing sites continues to increase to lull visitors into a false sense of security and site legitimacy.
All three of these trends add up to one thing – the bad guys are working on looking more and more legitimate. While the really poorly-written HTML emails attempting to look like an email from Fedex and other well-known companies still exist today, cybercriminals are working diligently to improve their craft – the more legitimacy they can establish through great presentation, proper context, and intelligently targeted spear phishing, the more successful the campaign.
Just as the cybercriminals are stepping up their game, your organization needs to as well. Users are going to be faced with determining the legitimacy of email requests, links, and attachments on their own. So, it is critical to empower the user with Security Awareness Training to teach them to have a security-centric mindset while doing their job.
On-Demand Webinar: Phishing Attack Landscape and Industry Benchmarking
One of your important and ongoing IT security initiatives is getting the Phish-prone percentage of your users as low as possible. But how are you doing compared to the "similar-size peers" in your industry? We just finished a big-data analytics exercise over the 15,000 customers we have and came up with new baseline phish-prone percentages, and how fast it drops. Join Stu Sjouwerman and Perry Carpenter as they discuss brand-new research based on what your users are clicking and find out how you are doing compared to your peers with new phishing benchmarks by industry.
PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser: