APWG Report: Cloud Storage and SaaS Increasingly Targeted by Phishers

APWG researchers see continued abuse of HTTPS green-lock protocol to fool consumers

SAN DIEGO--()--The Anti-Phishing Working Group (APWG) has been tracking notable increases in phishing campaigns that target SAAS/webmail providers, as well as increased attacks on financial / banking targets and cloud storage and file-sharing sites. But banks remain the most popular targets, with phishers stealing customers’ online banking credentials.

According to the APWG’s latest Phishing Activity Trends Report, APWG member MarkMonitor detected phishing attacks targeting 454 organizations in the fourth quarter of 2017, and 60 percent of those organizations were financial institutions.

The total number of phish detected in Q4 was 180,577, which included the holiday season, a traditionally high period of the year for phishing. That was down from 190,942 in 3Q 2017. However, the activity varied by region.

Axur, the APWG’s observer in Brazil, detected a triple-digit percentage increased in Internet frauds, including phishing and social-media based scams in South America’s largest economy. “We detected the first phishing attacks in Brazil that led people to malware that mined Monero/XMR cryptocurrency for criminals,” said Fabio Ramos, CEO of Axur.

Phishers also continue to fool Internet users into complacency by using HTTP protection on phishing sites. Phishers are obtaining free HTTPS encryption certificates in order to execute these attacks, which lulls users into thinking that the sites are run by legitimate businesses and are safe to transact with.

In November 2017, APWG contributor PhishLabs conducted an informal poll to see how many people actually knew the meaning of the green padlock displayed in Web browsers, which indicates that a Web site is protected by HTTPS. More than 80 percent of the respondents believed the green lock indicated that a website was either legitimate and/or safe—neither of which is true.

By early 2018, more than 30 percent of phishing took place on HTTPS Web sites.

The full text of the report is available here: http://docs.apwg.org/reports/apwg_trends_report_q4_2017.pdf

About the APWG

The APWG, founded in 2003 as the Anti-Phishing Working Group, is the global industry, law enforcement, and government coalition focused on unifying the global response to electronic crime. Membership is open to qualified financial institutions, online retailers, ISPs and Telcos, the law enforcement community, solutions providers, multi-lateral treaty organizations, research centers, trade associations and government agencies. There are more than 2,200 companies, government agencies and NGOs participating in the APWG worldwide. The APWG's <www.apwg.org> and <education.apwg.org> websites offer the public, industry and government agencies practical information about phishing and electronically mediated fraud as well as pointers to pragmatic technical solutions that provide immediate protection. The APWG is co-founder and co-manager of the Stop. Think. Connect. Messaging Convention, the global online safety public awareness collaborative <https://education.apwg.org/safety-messaging-convention/> and founder/curator of the eCrime Researchers Summit, the world’s only peer-reviewed conference dedicated specifically to electronic crime studies <www.ecrimeresearch.org>. APWG advises hemispheric and global trade groups and multilateral treaty organizations such as the European Commission, the G8 High Technology Crime Subgroup, Council of Europe's Convention on Cybercrime, United Nations Office of Drugs and Crime, Organization for Security and Cooperation in Europe, Europol EC3 and the Organization of American States. APWG is a member of the steering group of the Commonwealth Cybercrime Initiative at the Commonwealth of Nations. Among APWG's corporate sponsors are: Among APWG's corporate sponsors include: AhnLab, Area 1, AT&T (T), Afilias Ltd., Avast!, AVG Technologies, Axur, Baidu Antivirus, BANDURA Systems, Bangkok Bank, BBN Technologies, Barracuda Networks, BillMeLater, Bkav, Blue Coat, BrandMail, BrandProtect, Bsecure Technologies, CSC Digital Brand Services, Check Point Software Technologies, Claro, Cloudmark, Comcast, CrowdStrike, CSIRTBANELCO, Cyber Defender, CYREN, Cyveillance, DNS Belgium, DigiCert, Domain Tools, Donuts, Duo Security, Easy Solutions, PayPal, eCert, EC Cert, ESET, EST Soft, Facebook, FeelSafe Digital, FEBRABAN, Fortinet, FraudWatch International, F-Secure, GetResponse, GlobalSign, GoDaddy, Google, Hauri, Hitachi Systems, Ltd., Huawei, ICANN, Identity Guard, Infoblox, IronPort (Cisco), Infoblox, Intel (INTC), Interac, IT Matrix, iThreat Cyber Group, iZOOlogic, KnowBe4, LaCaixa, Lenos Software, LookingGlass, MX Tools, MailChannels, MailJet, MailChimp, MailShell, MailUp, MarkMonitor (TRI), Melbourne IT, MessageLevel, Microsoft (MSFT), MicroWorld, Mimecast, Mirapoint, NHN, NZRS, MyPW, nProtect Online Security, Netcraft, Network Solutions, NeuStar, Nominet, Nominum, NZRS Limited, Public Interest Registry, Panda Software, Phishlabs, PhishMe, Planty.net, Prevalent, Prevx, Proofpoint, Psafe, RSA Security (EMC), Rakuten, RedMarlin, Return Path, RiskIQ, RuleSpace, SalesForce, SecureBrain, SendGrid, S21sec, SIDN, SilverPop, SiteLock, SnoopWall, SoftForum, SoftLayer, SoftSecurity, SOPHOS, SunTrust, SurfControl, Symantec (SYMC), TDS Telecom, Telefonica (TEF), ThreatSTOP, TransCreditBank, Trend Micro (TMIC), Trustwave, UITSEC, Vasco (VDSI), VADE-RETRO, VeriSign (VRSN), Wombat Security Technologies, ZIX, and zvelo.

Contacts

APWG
Peter Cassidy, +1 617-669-1123
Secretary General
pcassidy@apwg.org
or
MarkMonitor
Stefanie Ellis
Stefanie.ellis@markmonitor.com
or
Axur
Fabricio Pessôa, +55-51-30122987
fabricio.pessoa@axur.com
or
PhishLabs
Stacy Shelley, +1 843-329-7824
stacy@phishlabs.com

Release Summary

The Anti-Phishing Working Group (APWG) has been tracking notable increases in phishing campaigns that target SaaS/webmail providers

Contacts

APWG
Peter Cassidy, +1 617-669-1123
Secretary General
pcassidy@apwg.org
or
MarkMonitor
Stefanie Ellis
Stefanie.ellis@markmonitor.com
or
Axur
Fabricio Pessôa, +55-51-30122987
fabricio.pessoa@axur.com
or
PhishLabs
Stacy Shelley, +1 843-329-7824
stacy@phishlabs.com