APWG: Phishing maintained near-record levels in the first quarter of 2021

The Anti-Phishing Working Group (APWG) revealed that the number of phishing websites peaked at record levels in the first quarter of 2021.

The Anti-Phishing Working Group (APWG) has published its new Phishing Activity Trends Report, covering the first quarter of 2021. The document revealed that phishing maintained record levels in the first quarter of 2021: the number of phishing websites peaked in January 2021 with an all-time high of 245,771. In February, APWG members and contributors observed a slight decline in the number of phishing websites, but in March the number again exceeded 200k, which marks the fourth-worst month in APWG’s reporting history.

Reported Phishing Websites for Q1 2021

“The APWG’s members are reporting more confirmed phishing attacks,” said Greg Aaron, Senior Research Fellow at the APWG, and the editor of the new report. “There are, however, many more attacks that are not reported in our data repository. That means these numbers are the floor, and that the situation out on the Internet is worse than the mounting numbers indicate.”

The APWG is one of the biggest organizations that monitor phishing activities on a global scale. It is composed of more than 2,200 members, including ICANN, AVAST, Cisco, Cofense, ESET, McAfee, Microsoft, PhishLabs, Symantec, Trend Micro, Facebook, PayPal, AT&T, Comcast, Digicert, Cloudflare, RSA, Verisign, and many others.

APWG’s report revealed that in Q1 2021 the financial institution (24.9%), social media (23.6%), and webmail/SaaS (19.6%) industries were most frequently victimized by phishing attacks. It is interesting to note that phishing attacks against cryptocurrency targets broke 2 percent for the first time, a circumstance that demonstrates the growing interest of cybercriminals in targeting users attracted by the rise in the value of cryptocurrencies like Bitcoin.

Looking at the most aggressive phishing tactics, experts pointed out that business e-mail compromise (BEC) scams are causing huge economic losses to the victims, with average wire transfer requests in BEC attacks increasing to $85,000, up from $48,000 in Q3 2020.

APWG members state that Namecheap and Public Domain Registry (PDR) continue to be the primary registrars used by crooks to register the domain names employed in BEC attacks.

The report also states that both vishing (phishing advertised via voice messages) and smishing (phishing advertised in SMS messages) attacks are on the rise in multiple industries.

“Vishing and smishing incidents are on the rise across organizations in a variety of industries, but the reported volume growth doesn’t yet rival traditional phishing,” noted Stefanie Wood Ellis, Senior Product Manager at founding APWG member OpSec Online. “Vishing and smishing volume is likely larger than reported, as both methods rely on the consumers to report the incidents. In contrast, phishing advertised via email can be more easily caught by security providers, such as anti-spam and anti-phishing companies.”

Another interesting finding that emerged from the Phishing Activity Trends Report is that the use of HTTPS encryption on phishing sites remained at 83 percent, after rising steadily for years.

John LaCour, CTO of PhishLabs, analyzed the number of phishing sites using TLS certificates in the quarter.

This means that users cannot rely on HTTPS support alone to rule out that the page they are visiting is a landing page for a phishing attack.

“The first quarter of 2021 was the first quarter in which we did not see an increase in the number of phishing sites using SSL. The percentage has leveled off at about 83 percent for two quarters in a row,” said LaCour.

According to John LaCour, in Q1 2021, 94.5% of all TLS certificates used in phishing attacks were “Domain Valid” or “DV” certificates, which are granted for free by providers such as Let’s Encrypt and cPanel.


Pierluigi Paganini

(SecurityAffairs – hacking, APWG phishing report)
