The Latest in Phishing: January 2020

Phishing Statistics and News

Targeted Phishing Is Trending

The newly released State of the Phish report from Proofpoint examines phishing trends on a global level, and includes a number of striking phishing statistics. The report analyzes data compiled from multiple sources, including a survey of more than 600 infosec professionals across seven countries.

One finding from the survey is that nearly 90% of organizations experienced targeted phishing attacks in 2019. Eighty-eight percent of organizations worldwide faced spear phishing attacks and 86% dealt with business email compromise (BEC) attacks. These findings align with Proofpoint threat intelligence, which has shown a trend toward more targeted, personalized attacks over bulk campaigns.

Cybercriminals also frequently applied phishing techniques outside the inbox. Infosec professionals reported a high frequency of social engineering attempts across a range of methods in 2019:

  • 86% of organizations dealt with social media attacks
  • 84% reported SMS/text phishing (smishing)
  • 83% faced voice phishing (vishing)
  • 81% reported malicious USB drops

Download your copy of the State of the Phish report for additional detailed phishing statistics and actionable insights that will help you adopt a people-centric approach to cybersecurity in the year ahead.

Phishing Sites Hit a 3-Year High

The latest Phishing Activity Trends Report from the Anti-Phishing Working Group (APWG) noted a significant increase in the number of unique phishing websites. For Q3 2019, the APWG detected 266,387 phishing sites — up 46% from Q2, and nearly double the number detected in Q4 2018. These Q3 2019 findings represent the highest volume since Q4 2016, when the APWG detected 277,693 unique phishing sites.

The report also offers insights into BEC cash-out tactics. In Q3, scammers requested gift cards in 56% of BEC attacks, followed by requests for payroll diversion (25%) and direct bank transfers (19%). But while requests for gift cards were the most common, they represented small amounts: an average of $1,571. The less-common wire transfer requests averaged $52,325 and ranged from $2,530 to $850,790.

Here are a few additional phishing insights:

  • Phishers attacked more than 400 different brands per month in Q3, a significant increase over Q2 (an average of 313 per month).
  • As in previous quarters, SaaS and webmail services were the most targeted industry sector in Q3, at 33% of all phishing attacks.
  • In Q3, the number of phishing sites using HTTPS encryption continued to increase, with more than two-thirds using HTTPS. The APWG notes that this trend “is a clear indicator that users can’t rely on SSL alone to understand whether a site is safe or not.”

High Phishing Risks for Marketing and PR Professionals

The latest Protecting People report from Proofpoint presents cybersecurity threat data gathered between January and June of 2019. One key finding is that workers in marketing/public relations functions represented the highest overall risk from malware and phishing. The marketing/PR category was followed closely by facilities/internal support (which includes IT workers) and R&D/engineering.

Why would people in marketing/PR be highly targeted? In part, it may be because the email addresses for these public-facing professions are often, well, public. Press releases, for example, often include a PR professional’s detailed contact information.

To learn more about attack trends in the first half of 2019 and to get recommendations on how to fight back, download the full report.

Phishing Attacks

Fake Browser Updates on the Rise

Proofpoint researchers have identified a trending threat in which compromised websites display credible-looking (but malicious) browser update windows. These windows contain fraudulent messages that urge end users to download a file that claims to contain safety and security updates. Downloading the file will infect the user’s system with malware.

This fake update campaign can affect any user or organization, but we have seen frequent exposure in the healthcare, education, manufacturing and financial investing industries.

The December installment of our Attack Spotlight series provides free security awareness resources you can immediately share with your end users to help them avoid fake browser updates and similar attacks.

Activism Under Attack

Plenty of phishing lures rely on greed and self-interest to trick victims into taking action. But lures that appeal to a recipient’s better nature — such as disaster relief donation scams — seem particularly callous. In December, the Proofpoint Threat Insight team observed a global malicious email campaign targeting those interested in environmental causes and supporters of activist Greta Thunberg.

The malicious emails, which attempt to deliver Emotet malware, use subject lines like “Support Greta Thunberg - Time Person of the Year 2019.” Many of the attacks are localized, and a surprising number target the .edu domains used by educational institutions. “This makes sense given the strong support Thunberg has among students and young people,” notes Proofpoint researcher Sherrod DeGrippo.