Pierluigi Paganini July 06, 2014

The APWG Report on Phishing Activity Trends analyzes phishing attacks observed by its member companies and reported to the APWG group.

According to the APWG Phishing Activity Trends Report for the first quarter of 2014, the phishing activities have increased in the first months of the year.

According to the APWG report, the number of malicious websites used for the fraudulent activities in the first quarter was 125,215, an increase of 10 % respect the same period of 2013 when the number of phishing websites observed was 111,773.

The APWG report reveals that fifty percent of the number of phishing attacks targeted payment services in the first quarter. Payment services are once again the most targeted industry, attacks against the financial industry was about 20 percent of the time, other phishing attacks targeted ISP, gaming, auction, government and social networking industries.

The APWG report confirms that the US, once again, hosted the majority of phishing sites:

“The United States continued to be the top country hosting phishing sites during the first quarter of 2014. This is mainly due to the fact that a large percentage of the world’s Web sites and domain names are hosted in the United States. A spate of phishing hit Turkey-based hosters in February and March.” states the report.

The percentage of infected machines on a global scale in Q1 has increased, reaching 32.77 percent, the countries with the greatest number of compromised PC are China (52.36% of computers in the country infected), followed by Turkey (43.59%) and Peru (42.14%).

“China tops the list because there are many unpatched installations of Windows there,” “Some of those installations are unpatched because they are pirated or unlicensed copies of Windows.”   said Greg Aaron, President of Illumintel and APWG Senior Research Fellow.

The phishers continue target legitimate entities, the number of targeted brands jumped to 557 from 525 in the previous quarter.

“Criminals [are] attacking new brands,”“Almost any enterprise that takes in personal data via the web is a potential target. While phishing has traditionally targeted banks and money transfer services such as PayPal, we’re seeing a wider range of targets getting spoofed, such as Airbnb and grocery store chains.” Aaron added. 

The APWG report shows a worrying scenario, the efficiency and the volume of phishing activities continue to increase making phishing one of the most dangerous cyber threats.

Awareness, information sharing on the threat and the adoption of proper countermeasures are necessary action to take for the threat mitigation.

For further data give a look to the APWG Phishing Activity Trends Report.

Pierluigi Paganini

(Security Affairs –  APWG Report, phishing)