The Anti-Phishing Working Group (APWG) has released a new report on phishing that shows, during the first three months of 2016, phishing activity was greater than at any other time in history.
APWG defines phishing as a criminal mechanism that employs technical subterfuge and social engineering techniques to steal personal identity data and financial credentials. APWG therefore includes CEO scams or business email compromise attacks, fraudulent and spoofed websites, phishing emails, malware that logs keystrokes, and websites that have been infected with keylogging malware.
For the report, APWG studied data from member companies from around the globe from a wide range of industry sectors. The study showed that the worst hit country was China, where 57.24% of computers are infected, followed by Taiwan, and Turkey, where 49.15% and 42.53% computers are infected.
However, the United States hosts the most phishing websites, which are used to obtain login credentials and financial details of Western consumers.
The industry most targeted by phishers was the retail/service sector, with phishers attempting to steal payment card details and personal information. In the first quarter of this year, the industry accounted for 42.71% of phishing attacks.
Cybercriminals often attempt to target brands. While the number of phishing attacks has increased significantly since 2015, the number of brands being targeted has remained fairly constant. Each month the figures fluctuate, although targeted brands remained within the range of 406 to 431. Attackers prefer to concentrate on the most popular brand names.
The report shows that the use of keyloggers has increased substantially this year. While keylogging malware has been used to obtain the personal information of consumers, businesses have been targeted by cybercriminals attempting to steal business login credentials.
A rise in the use of phishing is perhaps unsurprising. Phishing can be an incredibly effective way of obtaining the sensitive data to commit fraud or launch attacks on corporations. What is surprising is the extent to which phishing has increased. Between October 2015 and March 2016, phishing increased by a staggering 250%.
Phishing usually increases in the run up to the holiday season and then tails off in the New Year. However, in 2016 there was no drop in phishing activity. In 2016, phishing continued to increase. In December, APWG detected 65,885 unique phishing websites. The figure increased to 86,557 in January, dropped slightly to 79,259 in February, and spiked in March when 123,555 sites were detected.
APWG received 99,384 reports of phishing in January, with the number increasing substantially to 229,315 in February, with 229,265 reports received in March 2016.
With phishing now at such an elevated level, businesses and consumers alike should take steps to reduce the risk of attack.