The Anti-Phishing Working Group (APWG) has published the “Global Phishing Survey 2H2014“, a report that comes with some interesting numbers on phishing activities. The Global Phishing Survey 2H2014 report states that in the second half of 2014 the domain names used for phishing broke a record, at least 123,972 unique attacks were observed all over the world, reaching the amazing figure of 95.321 unique domain names.
“Of the 95,321 phishing domains, we identified 27,253 domain names that we believe were registered maliciously, by phishers,”.”This is an all-time high, and much higher than the 22,629 we identified in 1H2014. Most of these registrations were made by Chinese phishers. The other 68,303 domains were almost all hacked or compromised on vulnerable Web hosting.”
Below the key findings of the Global Phishing Survey 2H2014 report:
To give you an idea of the record numbers in the second half of 2014, the Global Phishing Survey 2H2014 includes a table comparing malicious activities over the years:
“Phishers continued to attack Apple, PayPal, and Taobao.com heavily. Each of these three e-commerce giants suffered over 20,000 phishing attacks against their respective services and brands. Together, these top three were the targets of nearly 54 percent of the world’s phishing attacks. The next seven brands were targeted for a combined 23 percent of all phishing attacks — meaning the top 10 targets accounted for over three quarters of all phishing attacks observed worldwide. The number of times that the targets were attacked follows a long tail. Half of the targets were attacked four or fewer times during the six-month period (up from three times in 1H2014). One hundred and fifty-eight targets were attacked only once each in the period.”
Other interesting trends highlighted in the Global Phishing Survey 2H2014 report are:
That proves that “These show criminals seeking the credentials of consumers in places where consumers may least expect it. Phishers target wide-ranging targets for several reasons. One is to perform credit card theft, and hitting new targets may lull consumers into a false sense of security. The phishers can also monetize stolen data through reshipping fraud, a tactic that remains popular. Phishers also steal usernames and passwords from one site in order to try those credential on other sites. Many consumers re-use usernames and passwords, and this poor habit can be costly. If a site is getting phished for the first time, it may have been targeted by a more sophisticated phisher, who had the skill to design a new phishing template.”
You can check the full Global Phishing Survey 2H2014 report here:
About the Author Elsio Pinto
Edited by Pierluigi Paganini
(Security Affairs – APWG Global Phishing Survey 2H2014 , phishing)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.