Phishing Of SaaS And Webmail Brands Surpasses Phishing Attacks On Payment Brands For The First Time

CAMBRIDGE, Mass.--(BUSINESS WIRE)--According to the APWG’s new Q1 2019 Phishing Activity Trends Report, users of Software-as-a-Service (SaaS) and webmail services are being targeted with increasing frequency. The category became the biggest target in Q1, accounting for 36 percent of all phishing attacks, for the first time eclipsing the payment-services category which suffered 27 percent of attacks recorded in the quarter.

Online SaaS applications have become fundamental business tools, since they are convenient to use and cost-effective. SaaS services include sales management, customer relationship management (CRM), human resource, billing and other office applications and collaboration tools. “Phishers are interested in stealing logins to SaaS sites because they yield financial data and also personnel data, which can be leveraged for spear-phishing,” said Greg Aaron, APWG Senior Research Fellow.

Stefanie Ellis, AntiFraud Product & Marketing Manager at MarkMonitor said, “The total number of confirmed phishing sites increased in early 2019, with the biggest jump in March.”

The total number of phishing sites detected in 1Q of 2019 was 180,768. That was up notably from the 138,328 seen in the fourth quarter of 2018, and from the 151,014 seen in the third quarter of 2018.

Payment Services and Financial Institution phishing continued to suffer a high number of phishing attacks. But attacks against cloud storage and file hosting sites continued to drop, decreasing from 11.3 percent of all attacks in the first quarter of 2018 to just 2 percent in the first quarter of 2019.

Meanwhile, cybercriminals deployed HTTPS-protected phishing websites in record numbers, according to PhishLabs, posting a record high of nearly 60 percent of detected phishing websites in 1Q 2019 employing this data encryption protocol. Phishers turn this security utility against users, leveraging the HTTPS protocol’s padlock icon that appears in the browser address bar to assure users that the website itself is trustworthy.

“In Q1 2019, 58 percent of phishing sites were using SSL certificates, a significant increase from the prior quarter where 46 percent were using certificates,” said John LaCour, CTO of PhishLabs. “There are two reasons we see more. Attackers can easily create free DV (Domain Validated) certificates, and more web sites are using SSL in general. More web sites are using SSL because browser warning users when SSL is not used. And most phishing is hosted on hacked, legitimate sites.”

Also in this quarter’s Trends report: APWG contributor Axur documents phishing trends in Brazil, and researchers at APWG member PhishLabs document a significant increase in the use of SSL certificates on phishing web sites.

The full text of the report is available here: http://docs.apwg.org/reports/apwg_trends_report_q1_2019.pdf

About the APWG
Founded in 2003, the Anti-Phishing Working Group, (APWG) is the global industry, law enforcement, and government coalition focused on unifying the global response to electronic crime. Membership is open to qualified financial institutions, online retailers, ISPs and Telcos, the law enforcement community, solutions providers, multilateral treaty organizations, research centers, trade associations and government agencies. There are more than 1,800 companies, government agencies and NGOs participating in the APWG worldwide. The APWG's <www.apwg.org> and <education.apwg.org> websites offer the public, industry and government agencies practical information about phishing and electronically mediated fraud as well as pointers to pragmatic technical solutions that provide immediate protection. The APWG is co-founder and co-manager of the STOP. THINK. CONNECT. Messaging Convention, the global online safety public awareness collaborative <https://education.apwg.org/safety-messaging-convention/> and founder/curator of the eCrime Researchers Summit, the world’s only peer-reviewed conference dedicated specifically to electronic crime studies <www.ecrimeresearch.org> with proceedings published by the IEEE. APWG advises hemispheric and global trade groups and multilateral treaty organizations such as the European Commission, the G8 High Technology Crime Subgroup, Council of Europe's Convention on Cybercrime, United Nations Office of Drugs and Crime, Organization for Security and Cooperation in Europe, Europol EC3 and the Organization of American States. APWG is a member of the steering group of the Commonwealth Cybercrime Initiative at the Commonwealth of Nations. Among APWG's corporate sponsors are: AhnLab, Area 1, AT&T (T), Afilias Ltd., AnchorFree, Avast!, AVG Technologies, Axur, Baidu Antivirus, BANDURA Systems, Bangkok Bank, BBN Technologies, Barracuda Networks, BillMeLater, Bkav, Blue Coat, BrandMail, BrandProtect, Bsecure Technologies, CSC Digital Brand Services, Check Point Software Technologies, Claro, Cloudmark, Cofense, Comcast, CrowdStrike, CSIRTBANELCO, Cyxtera, Cyber Defender, CYREN, Cyveillance, DNS Belgium, DigiCert, Domain Tools, Donuts, Duo Security, Easy Solutions, PayPal, eCert, EC Cert, ESET, EST Soft, Facebook, FeelSafe Digital, FEBRABAN, Fortinet, FraudWatch International, F-Secure, GetResponse, GlobalSign, GoDaddy, Google, Hauri, Hitachi Systems, Ltd., Huawei, Hyas, ICANN, Identity Guard, Infoblox, IronPort (Cisco), Infoblox, Ingressum, Intel (INTC), Interac, IT Matrix, iThreat Cyber Group, iZOOlogic, Kaspersky Lab, KnowBe4, LaCaixa, Lenos Software, LINE, LookingGlass, MX Tools, MailChannels, MailJet, MailChimp, MailShell, MailUp, MarkMonitor (TRI), Microsoft (MSFT), MicroWorld, Mimecast, Mirapoint, NHN, NZRS, MyPW, nProtect Online Security, Netcraft, Network Solutions, NeuStar, Nominet, Nominum, NZRS Limited, PARENTHETIC, Public Interest Registry, Phishlabs, PhishMe, Planty.net, Prevalent, Prevx, Proofpoint, PSafe, RSA Security (EMC), Rakuten, RedMarlin, Return Path, RiskIQ, RuleSpace, SalesForce, SecureBrain, SegaSec, SendGrid, S21sec, SIDN, SilverPop, SiteLock, SnoopWall, SoftForum, SoftLayer, SoftSecurity, SOPHOS, SunTrust, SurfControl, Symantec (SYMC), TDS Telecom, Telefonica (TEF), ThreatSTOP, TransCreditBank, Trend Micro (TMIC), Trustwave, UITSEC, Vasco (VDSI), VADE-RETRO, VeriSign (VRSN), VILSOL, Webroot, ßZIX, and zvelo.

Contacts

Media Contacts
APWG: Peter Cassidy
+1.617.669.1123
pcassidy@apwg.org

MarkMonitor: Stefanie Ellis
Stefanie.ellis@markmonitor.com

Axur: Fabricio Pessôa of Axur
+55.51.30122987
fabricio.pessoa@axur.com

PhishLabs: Stacy Shelley of PhishLabs
1.843.329.7824
stacy@phishlabs.com