The Latest in Phishing: End of 2016

To close out 2016, we bring you the latest in phishing statistics and attacks from the wild.

Phishing Statistics and News:

• The CIA has concluded after an investigation that Russian interference in the 2016 U.S. presidential election aimed to elect Donald Trump — though a recent Reuters report indicated that “overseers of the U.S. intelligence community have not embraced [the] CIA assessment” that the intention of the interference was to sway the results in Trump’s favor. Those thought to be responsible for this interference are also suspected to have launched a phishing attack on U.S. political think tanks and NGOs shortly after the election. Recent reports claim the same Russian hackers are now targeting Germany.
• In other political news, the U.S. Secretary of Homeland Security Jeh Johnson cited phishing as the top hacking threat facing the nation, stating that education and technology are two key approaches to combating the issue.
• Phishing-as-a-service (PhaaS) gained prominence in late 2016, making it easier than ever for hackers to steal sensitive data by reducing operational expenses and the amount of labor involved. According to researchers, “this approach to phishing is about a quarter of the cost and twice as profitable” as traditional campaigns.
• Avalanche, the network of servers rumored to be used for two-thirds of all phishing attacks worldwide, has been taken offline by a large-scale, multi-country sting operation spanning four years. The infrastructure had been in use since 2009 and has hosted at least 17 known malware families.
• Data from Webroot found an average of more than 400,000 phishing sites were observed each month in 2016. In its recent quarterly threat report, Webroot concluded that the average life cycle of a phishing site is incredibly short, coming in at just under 15 hours — with 84% of sites up for less than a day — making it more difficult for security tools to detect and block malicious websites.

Increase your security response team's efficiency with PhishAlarm Analyzer

Phishing Attacks:

• Experts are urging consumers to exercise caution during the holiday season, as fake package delivery notices have seen an almost 100% increase from the averages of September and October. The emails share common subject lines while posing as popular shipping companies like DHL, UPS, and Amazon.
• A new report from Proofpoint has identified a new phishing campaign named August, which targets the customer service staff and managers of retail organizations. The highly-personalized campaigns can siphon sensitive documents and credentials from the infected devices, and “could easily be adapted for wider distribution.”
• New York attorney general Erik Schneiderman is at the center of a phishing scheme in which hackers are targeting lawyers by posing as him. The scam attempts to lure attorneys into clicking on an email by claiming that a complaint has been made against their firm or business.
• Fans who signed up to a Scottish Football Association registry and whose data was accessed through a third-party database breach have now been the victims of a phishing attack asking for hundreds of dollars in unpaid tickets.
• According to the website LeakedSource, data from 85 million user accounts of the video sharing platform DailyMotion were stolen in an alleged breach. Compromised information includes user IDs, emails, and (in some cases) hashed passwords.
• Researchers from FireEye have identified malicious phishing websites serving fake logins from 26 Indian banks in an attempt to steal customer data. The Indian Computer Emergency Response Team (CERT-In) has been notified about the threat.
• Proofpoint has discovered that scammers are selling phishing attacks via YouTube that essentially have backdoors in them, exploiting the very same people they’re selling to.
• The latest round of IRS email scams is targeted at tax professionals who use IRS e-services. The phishing emails are asking recipients to update their accounts, directing them to a fake website that attempts to steal their credentials.
• The email addresses of members of the New Zealand nurses’ union were exposed after a phishing email masquerading as a message from the New Zealand Nurses Organization’s CEO led to the release of the data.
• The city of El Paso, Texas was robbed of millions intended for a public streetcar project after receiving phishing emails posing as a vendor requesting payment. The city’s CFO said the first payment was for about $300,000 and the second was for almost $2.9 million. The FBI and El Paso Police are currently investigating.
• A Twitter scam claiming users can get their accounts verified has been making the rounds via Promoted Tweets, which can be used to steal users’ credentials.