Home / News I have a News Tip

Phishers Increasingly Targeting SaaS and Webmail Services, APWG Reports

Most-Targeted Industry Sectors
APWG Report, 4th Quarter 2018
According to the latest report from Anti-Phishing Working Group (APWG) while the total number of conventional, spam-based phishing campaigns declined in 2018, users of software-as-a-service (SaaS) systems and webmail services are increasingly targeted.

The decline: "The number of confirmed phishing sites declined as 2018 proceeded. The total number of phishing sites detected by APWG in 4Q was 138,328 — down from 151,014 in Q3, 233,040 in Q2, and 263,538 in Q1. This general decline in the number of phishing campaigns as the year went on may have been a consequence of anti-phishing efforts — and/or the result of criminals shifting to more specialized and lucrative forms of e-crime than mass-market phishing."

Is it a decline: APWG points out that there is a growing concern the drop may be due to under-detection. "The detection and documentation of some phishing URLs has been complicated by phishers obfuscating phishing URLs with techniques such as Web-spider deflection schemes — and by employing multiple redirects in spam-based phishing campaigns, which take users (and automated detectors) from an email lure through multiple URLs on multiple domains before depositing the potential victim at the actual phishing site."

New targets: Phishing that targeted SaaS and Webmail services increased from 20.1 percent of all attacks in Q3 to almost 30 percent in Q4 of 2018. "Attacks against cloud storage and file hosting sites continued to drop, decreasing from 11.3 percent of all attacks in Q1 2018 to 4 percent in Q4 2018."

Follow CircleID on
Related topics: Cyberattack, Cybersecurity, Email
SHARE THIS POST

If you are pressed for time ...

... this is for you. More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Vinton Cerf, Co-designer of the TCP/IP Protocols & the Architecture of the Internet

Share your comments

To post comments, please login or create an account.

Related

Topics

New TLDs

Sponsored byAfilias

Cybersecurity

Sponsored byVerisign

Domain Names

Sponsored byVerisign

IP Addressing

Sponsored byAvenue4 LLC

DNS Security

Sponsored byAfilias