According to the APWG’s new Phishing Activity Trends Report, phishing attacks continued to rise into the second quarter of 2019 with cyber criminals focusing on branded webmail and SaaS providers. The report also documents how criminals are increasingly perpetrating business email compromise (BEC) attacks by using gift card cash-out schemes. Here’s a summary of the report according to APWG:
- The number of phishing attacks rose in the second quarter of 2019, eclipsing the number seen in the first quarter of 2019, and was far above the number recorded in the second half of 2018.
- Employees should beware of requests for gift cards and payroll account changes. Gift cards were requested in 65% of business email compromise (BEC) attacks. About 20% of BEC attacks requested payroll diversions, and 15% requested direct bank transfers.
- Phishing that targeted Software-as-a-Service (SaaS) and webmail services continued to be the biggest category of phishing.
Most-Targeted Industry Sectors
According to the report, the three biggest targets of phishing are as follows:
- SaaS and Webmail Providers
- Payment Companies
- Financial Institutions
Phishers continue attempts to obtain sensitive information such as usernames, passwords and payment card details for those kinds of sites, using them to carry out business email compromise (BEC) attacks and to penetrate corporate accounts for financial gain. However, attacks against cloud storage and file hosting sites, telecom sites and e-commerce sites, among others, remained less popular.
Organisations that run on cloud applications and webmail, as well as those in the financial sector, should pay close attention to phishing attacks and invest in user awareness training to mitigate the associated risks. Such education can be effective, especially where training emphasises conceptual knowledge and organisations run regular simulated phishing campaigns targeting staff to measure the effectiveness of their training.