APWG Report: Record-Shattering Q2 Phishing Attack Wave Ebbed in Q3 2016
Retail/Service Sector Phishing Attacks Rise to 43 Percent of All Phishing AttacksThe Anti-Phishing Working Group reports that the year’s record wave of phishing subsided in the autumn. According to the APWG’s new Phishing Activity Trends Report, the total number of phishing websites detected in the third quarter of 2016 was 364,424, compared with 466,065 in the second quarter — a decline of 25 percent.The second quarter of the year had the all-time-high number of phishing attacks, and the decline represents a return to more historical norms. The number of attacks detected per month fell from a high of 153,998 in April to 104,349 in August.Stefanie Ellis, AntiFraud Product Marketing Manager at MarkMonitor and an APWG contributor said, “In August and September MarkMonitor detected a significant dip in phishing URLs following record highs in April through July. Volume in the third quarter was comparable with volumes detected over the same period last year.”APWG Senior Research Fellow Greg Aaron observed: “Phishing traditionally ramps up again during the holiday season. We urge online consumers to be alert, and to be careful clicking on links found in emails. When in doubt, type in the name of the site that you wish to visit.”The report also reveals that the Retail/Service sector,which includes music and e-commerce sites, was the most-attacked, suffering 43 percent of all phishing attacks in the third quarter. Attacks against the Financial sector (composed mainly of banks) increased from 16 percent in Q2 to 21 percent in Q3.In malware news, the country with the worst malware infection rate was China, where 47 percent of machines were infected. Scandinavian countries Norway, Finland, and Sweden had the lowest infection rates.The full text of the report is available here: https://docs.apwg.org/reports/apwg_trends_report_q3_2016.pdfAbout the APWGThe APWG, founded in 2003 as the Anti-Phishing Working Group, is a global industry, law enforcement, and government coalition of more than 2,000 institutions working to unify the global response to electronic crime. Membership is open to qualified financial institutions, online retailers, ISPs and Telcos, the law enforcement community, solutions providers, multi-lateral treaty organizations, research centers, trade associations and government agencies. The APWG’s <www.apwg.org> and <education.apwg.org> websites offer the public, industry and government agencies practical information about phishing. APWG is co-founder and co-manager of the STOP. THINK. CONNECT. Messaging Convention, the global online safety public awareness collaborative <https://education.apwg.org/safety-messaging-convention/> and founder/curator of the eCrime Researchers Summit, the world’s first peer-reviewed conference dedicated specifically to electronic crime studies <www.ecrimeresearch.org>. Among APWG’s corporate sponsors include: AhnLab, Area 1, AT&T (T), Afilias Ltd., Avast!, AVG Technologies, Axur, Baidu Antivirus, Bangkok Bank, BBN Technologies, Barracuda Networks, BillMeLater, Bkav, Blue Coat, BrandMail, BrandProtect, Bsecure Technologies, CSC Digital Brand Services, Check Point Software Technologies, Claro, Cloudmark, Comcast, CSIRTBANELCO, Cyber Defender, CYREN, Cyveillance, DNS Belgium, DigiCert, Domain Tools, Donuts, Duo Security, Easy Solutions, PayPal, eCert, EC Cert, ESET, EST Soft, Facebook, FeelSafe Digital, FEBRABAN, Fortinet, FraudWatch International, F-Secure, GetResponse, GlobalSign, GoDaddy, Google, GroupIB, Hauri, Hitachi Systems, Ltd., Huawei, ICANN, Infoblox, IronPort (Cisco), ING Bank, Infoblox, Intel (INTC), Interac, Internet.bs, IT Matrix, iThreat Cyber Group, iZOOlogic, KnowBe4, LaCaixa, Lenos Software, LookingGlass, MX Tools, MailChannels, MailJet, MailChimp, MailShell, MarkMonitor, Melbourne IT, MessageLevel, Microsoft (MSFT), MicroWorld, Mimecast, Mirapoint, NHN, NZRS, MyPW, nProtect Online Security, Netcraft, Network Solutions, NeuStar, Nominet, Nominum, NZRS Limited, Public Interest Registry, Panda Software, Phishlabs, PhishMe, Planty.net, Prevalent, Prevx, Proofpoint, RSA Security (EMC), Rakuten, Return Path, RiskIQ, RuleSpace, SalesForce, SecureBrain, SendGrid, S21sec, SIDN, SilverPop, SiteLock, SnoopWall, SoftForum, SoftLayer, SoftSecurity, SOPHOS, SunTrust, SurfControl, Symantec (SYMC), Tagged, TDS Telecom, Telefonica (TEF), ThreatSTOP, TransCreditBank, Trend Micro (TMIC), Trustwave, Vasco (VDSI), VADE-RETRO, VeriSign (VRSN), Wombat Security Technologies, and zvelo.