A new phishing activity report published by the Anti-Phishing Working Group (APWG) shows that the threat from phishing websites is greater than any other time in the history of the Internet. The latest phishing activity report shows that in the past six months, the number of phishing websites has increased by a staggering 250%. Most of the new websites were detected in March 2016.
The Rising Threat from Phishing Websites Should Not Be Ignored
APWG was founded in 2003 in response to the rise in cybercrime and the use of phishing to attack consumers. The purpose of the organization is to unify the global response to cybercriminal activity, monitor the latest threats, and share data to better protect businesses and consumers.
In 2004, APWG started tracking phishing and reporting on the growing threat from phishing websites. During the past 12 years, the number of phishing websites being created by cybercriminals has grown steadily; however, the past six months has seen a massive rise in new websites that trick users into revealing sensitive data.
APWG reports that there is an increase in new malicious websites around the holiday season. In the run up to the holiday period when online shopping increases and Internet traffic spikes, there are more opportunities to relieve online shoppers of their credit card details, login credentials, and other sensitive data.
In late 2015, cybercriminals increased their efforts and there was the usual spike in the number of new phishing websites. However, after the holiday period ended APWG expected activity to reduce. That didn’t happen. New sites were still being created at elevated levels.
In the first quarter of 2016, APWG detected 289,371 new phishing websites were created. However, almost half of the new websites – 123,555 of them – were detected in March 2016. Aside from a slight dip in February, the number of new websites created has increased each month. March saw almost twice the number of new sites than were created in December. The figures for Q1 and for March were the highest ever seen.
Retail and Financial Sectors Most Frequently Targeted by Phishers
Phishers tend to favor well-known brands. The phishing activity report indicates little has changed in this regard. Between 406 and 431 brands are targeted each month. Most of the new sites target the retail industry which accounts for 42.71% of the new phishing websites detected in the first quarter of 2016. The financial sector was second with 18.67% of new sites, followed by the payment service industry with 14,74% and the ISP industry with 12.01%. The remaining 11.87% of new sites targeted a wide range of industries. The United States is the most targeted country and hosts the most phishing websites.
While phishing websites are now favored by cybercriminals, emails continue to be used to send malicious links and malware-infected attachments to consumers and businesses. In January, 99,384 phishing email reports were sent to APWG. The number increased to over 229,000 in February and stayed at that level in March.
APWG also tracked malware infections. In the first quarter of the year, 20 million malware samples were intercepted – an average of 6.67 million malware samples a month.
The report shows how critical it is for business to take action to prevent end users from visiting malicious websites and the seriousness of the threat from phishing websites.
One of the best ways that businesses can reduce the risk of employees visiting phishing websites is to use a web filtering solution. By controlling the sites that can be accessed by employees, the risk of phishing, malware infections, and ransomware attacks can be greatly reduced.