Press release

APWG Q3 Report: Phishing Attacks at Highest Level in Three Years

Sponsored by Businesswire

According to the APWG’s new Phishing Activity Trends Report, the number of phishing attacks continued to rise into the autumn of 2019. The total number of phishing sites detected by APWG in July through September 2019 was 266,387. This was up 46 percent from the 182,465 seen in the second quarter of 2019, and almost double the 138,328 seen in Q4 2018.

“This is the worst period for phishing that the APWG has seen in three years, since the fourth quarter of 2016,” said Greg Aaron, APWG Senior Research Fellow and President of Illumintel Inc.

In addition to the increase in phishing volume, the number of brands that were attacked by phishers in Q3 was also up notably. APWG contributor MarkMonitor saw attacks against more than 400 different brands (companies) per month in Q3, versus an average of 313 per month in Q2. Stefanie Wood Ellis, Anti-Fraud Product & Marketing Manager at MarkMonitor, noted: “The top targeted industries are largely consistent with previous quarters. Webmail and SaaS sites remained the biggest targets of phishing.”

Meanwhile, “Business e-mail compromise” or BEC scams remained highly damaging. These attacks target employees who have access to company finances or valued data assets, usually by sending them email from fake or compromised email accounts (a “spear phishing” attack). According to APWG contributing member Agari, 40 percent of BEC attacks use a domain name registered by a scammer. These domains are often variations of a trusted, existing company name, meant to fool unwary victims. In the third quarter, attacks involving wire transfers from victims were for an average of $52,325.

Also in this quarter’s Trends report: APWG member RiskIQ analyses where phishers register domain names; APWG contributor Axur documents rising phishing levels in Brazil; and researchers at APWG member PhishLabs document the rising use of SSL certificates on phishing web sites.

The full text of the Q3 2019 report is available here:

APWG’s researchers, directors, steering committee and correspondents will be meeting at their annual research and industrial operations eCrime symposium at Carnegie Mellon next week (Nov. 13-16) in Pittsburgh, to consider these and other insights into cybercrime’s evolution – and the evolving role of the cybercrime responder:

This year’s symposium posits the theme, “Cybercrime Suppression Via Globalized Response Infrastructure Development and Reinforcement”:

About the APWG

Founded in 2003, the Anti-Phishing Working Group, (APWG) is the global industry, law enforcement, and government coalition focused on unifying the global response to electronic crime. Membership is open to qualified financial institutions, online retailers, ISPs and Telcos, the law enforcement community, solutions providers, multilateral treaty organizations, research centers, trade associations and government agencies. There are more than 1,800 companies, government agencies and NGOs participating in the APWG worldwide. The APWG’s <> and <> websites offer the public, industry and government agencies practical information about phishing and electronically mediated fraud as well as pointers to pragmatic technical solutions that provide immediate protection. The APWG is co-founder and co-manager of the STOP. THINK. CONNECT. Messaging Convention, the global online safety public awareness collaborative <> and founder/curator of the eCrime Researchers Summit, the world’s only peer-reviewed conference dedicated specifically to electronic crime studies <>. APWG advises hemispheric and global trade groups and multilateral treaty organizations such as the European Commission, the G8 High Technology Crime Subgroup, Council of Europe’s Convention on Cybercrime, United Nations Office of Drugs and Crime, Commonwealth of Nations, Commonwealth Parliamentary Association, Organization for Security and Cooperation in Europe, Europol | EC3 and the Organization of American States.

About the APWG Symposium on Electronic Crime Research

The Symposium on Electronic Crime Research (APWG eCrime), founded in 2006 as the eCrime Researchers Summit, is an annual peer-reviewed conference featuring a comprehensive venue to present basic and applied research into electronic crime and engaging every aspect of its evolution – as well as technologies and techniques for eCrime detection, related forensics and prevention. Since then, what had been an initially technology focused conference has incrementally expanded its focus to cover behavioral, social, economic, and legal / policy dimensions as well as technical aspects of cybercrime, following the interests of our correspondent investigators, the symposium’s managers as well as the guidance of APWG’s own directors and steering committee members. Scores of papers exploring these dimensions of cybercrime at APWG eCrime have been published by the IEEE <> as well as by Taylor & Francis and the Association of Computing Machinery (in the very earliest years of this conference).