Phishing Surges Late in Year in 2015

Cyber-criminals targeting businesses with wire transfer scams

CAMBRIDGE, Mass.--()--The APWG reports in its new Phishing Activity Trends Report that the number of phishing attacks increased over the first three quarters of 2105. Phishers in that period increasingly targeted the customers of Internet Service Providers (ISPs), hoping to gain access to user accounts for various nefarious purposes. Phishers also intensified attacks against companies by perpetrating wire fraud scams, known as “Business Email Compromise” or “BEC” scams.

According to contributing APWG member MarkMonitor, Internet Service Providers (ISPs) became the most-targeted industry sector during the first three quarters of 2015, with the Payment Services and Financial Services (banks) sectors coming in second and third during the nine-month period. Phishers sometimes break into users’ ISP accounts so that they can send spam from those accounts, thereby advertising more phishing sites, or other Web destinations crafted to advance some other kind of cybercrime. ISP accounts can also contain other things that phishers want: personally identifiable information, credit card details, and access to domain name and hosting management credentials.

The full text of the report is available here: https://docs.apwg.org/reports/apwg_trends_report_q1-q3_2015.pdf

Business Email Compromise (BEC) scams continue to be a scourge to many businesses in 2015. These often use “spear-phishing” methods to target key employees at specific companies (such as comptrollers and treasury managers), and fool them into transferring large amounts of money into bank accounts controlled by criminals. From January to August 2015 the FBI reported a 270 percent increase in reported global losses from BEC scams. [https://www.ic3.gov/media/2015/150827-1.aspx ]

“BEC scams seek to socially engineer the employees of a business,” according to Carl Leonard, Principal Security Analyst at APWG member Raytheon|Websense. “The attacks use a form of spear-phishing, and initial attacks sent the spear-phishing emails from free domain names that closely resembled the victim company's domain name. Later attacks used a forged "from" address that matched the victim’s domain. We strongly encourage that businesses educate their employees about the dangers of these scams and implement technologies that intercept the incoming emails.”

Luis Corrons, PandaLabs Technical Director and Trends Report contributing analyst urged companies to be prepared because attacks are becoming more complex and harder to distinguish from authentic, workaday communications. “Spear phishing campaigns are growing, all of them with the same goal: set a foot on corporate networks to perpetrate large attacks to steal all kind of financial and confidential information. New approaches are needed, such as having advanced threat detection capabilities. CISOs need to know what is being executed in all servers and endpoints, with forensics capabilities in case an intrusion takes place."

APWG Senior Research Fellow Greg Aaron noted: “All types and sizes of companies are vulnerable to BEC scams. I’ve seen companies with under ten employees being targeted. All businesses should therefore assume that they have been researched by a criminal who has determined the names and email addresses of the employees who can authorize and execute wire transfers. Businesses can also protect themselves by allowing bank transfers only after multiple internal approvals.”

About the APWG

APWG is the coalition unifying the global response to cybercrime across industry, government and law-enforcement sectors and NGO communities. APWG’s membership of more than 1800 institutions worldwide is as global as its outlook, with its directors, managers and research fellows advising: national governments; global governance bodies like the OECD, ITU and ICANN; hemispheric and global trade groups; and multilateral treaty organizations such as the European Commission, the G8 High Technology Crime Subgroup, Council of Europe's Convention on Cybercrime, United Nations Office of Drugs and Crime, Organization for Security and Cooperation in Europe, Europol EC3, the Organization of American States and the Commonwealth Cybercrime Initiative at the Commonwealth of Nations. The APWG, founded in 2003 as the Anti-Phishing Working Group, is the global industry, law enforcement, and government coalition focused on unifying the global response to electronic crime. Membership is open to qualified financial institutions, online retailers, ISPs and Telcos, the law enforcement community, solutions providers, multi-lateral treaty organizations, research centers, trade associations and government agencies. There are more than 1,800 companies, government agencies and NGOs participating in the APWG worldwide. The APWG's www.apwg.org and education.apwg.org websites offer the public, industry and government agencies practical information about phishing and electronically mediated fraud as well as pointers to pragmatic technical solutions that provide immediate protection. The APWG is co-founder and co-manager of the STOP. THINK. CONNECT. Messaging Convention, the global online safety public awareness collaborative https://education.apwg.org/safety-messaging-convention/ and founder/curator of the eCrime Researchers Summit, the world’s only peer-reviewed conference dedicated specifically to electronic crime studies <www.ecrimeresearch.org, held annually with proceedings published by IEEE.

Contacts

APWG
Peter Cassidy, +1-617-669-1123
pcassidy@apwg.org
http://www.apwg.org
or
PandaLabs
Luis Corrons
lcorrons@pandasoftware.es
http://www.pandasoftware.es
or
Websense
publicrelations@websense.com
http://www.websense.com
or
Internet Identity
Andrew Goss, +1-253-853-5151 ext. 224
pr@internetidentity.com

Release Summary

Phishing rises in 2015 toward end of year and cybercrime gangs focus on targeted phishing against key enterprise employees with, for example, access to corporate treasury resources.

Contacts

APWG
Peter Cassidy, +1-617-669-1123
pcassidy@apwg.org
http://www.apwg.org
or
PandaLabs
Luis Corrons
lcorrons@pandasoftware.es
http://www.pandasoftware.es
or
Websense
publicrelations@websense.com
http://www.websense.com
or
Internet Identity
Andrew Goss, +1-253-853-5151 ext. 224
pr@internetidentity.com