The Number of Targeted Brands Declined Throughout Q4
Attackers appeared to narrow their focus on the brands they targeted during the holiday shopping season of Q4 2017, with the number of brands included in phishing campaigns dropping from 348 in October to 323 in November and 268 in December. The APWG saw a nearly identical trend in Q4 2016, with targeted brands dropping from 357 to 332 to 264 over the same three-month span.
Attackers Are Going Where the Money Is
The industries receiving the highest volumes of phishing attacks looked very different in Q4 2017 than in Q4 2016:
- The four most targeted sectors in Q4 2017 were Payment Services (42%), SaaS/Webmail (16%), Financial (15%), and Cloud Storage/Hosting (11%).
- The four most targeted sectors in Q4 2016 were Retail/Service (42%), Financial (19%), ISPs (13%), and Payment Services (11%).
Though financial organizations dealt with less volume, it’s important to note that they were still firmly in attackers’ sights late last year. MarkMonitor — an APWG member that provided industry-related data for the report — indicated that of the 454 organizations it identified as being phishing targets in Q4 2017, 60% were financial institutions. In comparison, just 4% of targets were payment providers, and 6% were SaaS/webmail providers.
Malicious Use of HTTPS Is on the Rise
While end users are often taught to look for HTTPS as an indicator of a secure connection, the APWG report cautions that “phishers are fooling internet users by turning an internet security feature against them.” In Q4 2017, more than 30% of phishing sites were hosted on HTTPS infrastructure — a dramatic rise from the end of 2016, when less than 5% of phishing sites used HTTPS content encryption. These statistics reinforce a caution we’ve long noted: there is a difference between a “secure site” and a “safe site.”
Visit the APWG website to obtain copies of the Q4 2017 and Q4 2016 phishing analyses, as well as other issues of the Phishing Activity Trends Report.