The Latest in Phishing: First of 2019

February 07, 2019
Aaron Jentzen

Wombat_Phishing-Attacks

We bring you the latest in phishing statistics and attacks from the wild.

Phishing Statistics and News

Credential Phishing Attacks Quadrupled in Q3 2018

Proofpoint’s latest Protecting People: A Quarterly Analysis of Highly Targeted Attacks analyzes email attacks on Fortune Global 500 companies that took place from July to September 2018. This quarterly report focuses on end users’ role in the current threat landscape, detailing who is being attacked, how, and what steps organizations can take to fight back. Here are some key phishing takeaways:

  • Email-based corporate credential phishing attacks quadrupled vs. the previous quarter.
  • Web-based social engineering attacks jumped 233% vs. the previous quarter.
  • 99% of the most highly targeted email addresses in the quarter didn’t rank as such in the previous report, which suggests attackers are constantly shifting targets.

For more insights, you can view a summary infographic and download the full report.

83% of Infosec Pros Reported Phishing in Global Survey

In January, we released our 2019 State of the Phish Report, which includes detailed phishing statistics based on multiple data sources, including nearly 15,000 responses to quarterly surveys sent to our database of infosec professionals throughout 2018. Our findings include:

  • 83% of global infosec respondents experienced phishing attacks in 2018, an increase from 76% in 2017.
  • In 2018, reports of credential compromise rose 70% over 2017, and they’ve soared 280% since 2016.

The 2019 report — our fifth annual — has been significantly expanded, offering more data and analysis than ever before. Download your copy for the full results of our global surveys (including regional data comparisons); how users across 16 industries perform on simulated phishing tests; and the ways organizations can use threat intelligence and their security awareness training data to identify and address the riskiest users and departments.

50% of Phishing Sites Now Using HTTPS

As we reported in January, the latest Phishing Activity Trends Report from the Anti-Phishing Working Group (APWG) reveals that the number of phishing attacks reported in Q3 2018 (270,557) remained steady compared to Q1 and Q2. But other insights suggest that’s no cause for celebration:

  • Nearly 50% of phishing sites are using HTTPS encryption — a 40% increase over the previous quarter alone, and a nearly 900% increase since the end of 2016.
  • Phishing sites are increasingly using web page redirects to avoid detection.
  • 286 brands were targeted in September 2018, the most seen in a month since November 2017.
  • The online payment sector was the most targeted by phishing in Q3 2018, followed by SAAS/webmail and financial institutions.

     

Phishing Attacks

1 Million Emotet Phish in a Single Day

A growing number of phishing emails contain attachments or links designed to deliver a new, particularly dangerous version of the Emotet trojan. Proofpoint researchers have found that emails with Emotet have been distributed on a near-daily basis and in high volume, with as many as 1 million messages sent in a single day. The December installment of our Attack Spotlight series provides free, timely content you can immediately share with your end users to help them avoid Emotet phishing campaigns.

Cryptojacking Attacks on the Rise

Ransomware’s popularity may be giving way to cryptojacking (cryptocurrency mining malware), according to Get Safe Online, a UK public/private sector partnership. Cryptojacking attacks often start with a phishing email; when a person clicks a malicious link or opens an infected attachment, malware is installed which then secretly uses the compromised machine to mine cryptocurrency.

Banking Credential Phish Uses Fake Fonts to Evade Detection

A credential harvesting scheme that impersonates a major U.S. retail bank uses a seemingly unique encoding technique: a phishing template that employs a custom web font to implement a substitution cypher (among other techniques) to render well-crafted phishing pages. According to Proofpoint’s Threat Insight blog, “While the substitution cypher itself is simple, the implementation via web font files appears to be unique, giving phishing actors yet another technique to hide their tracks and defraud consumers.”