For years, phishing has been one of the “go to” attack forms for hackers to gain access to your network systems. In fact, it’s been used since at least the early 90s, making it one of the oldest forms of hacks in use. But it appears this tactic is still in fashion. In fact, 2018 looks like it will be one of the biggest phishing years on record.
2018 and Beyond Phishing Trends
The Anti-Phishing Working Group (APWG) recently released its quarterly analysis for the first quarter of 2018. APWG analyzes phishing attack data from member organizations along with its Global Research Partners. In addition, industry members can submit reports to them by email to be included in the statistical analysis. As a result, their data is fairly extensive and well documented. Although this report gives a specific snapshot of the first quarter of 2018, it can be used to extrapolate trends the industry will see in coming months.
Troubling Sign of the Times in the World of Phishing
One of the most troubling signs in the data is the huge surge in unique phishing sites that were detected in just three months. In December 2017, there were approximately 60,000 unique phishing sites and this number stayed about the same for January 2018. But by March 2018, the number had climbed to almost 120,000. Overall, there were 263,538 individual phish detected by APWG. This constitutes an increase of 46% over the amount that was present at the end of 2017.
Targets for Phishing Attacks
Another takeaway from this report is that the biggest target for phishing hacks (at 39.4%) was the online payment sector. Following this was webmail (18.7%), financial institutions (14.2%), and then cloud storage/file hosting (11.3%). By the second quarter’s start, almost one-third of all phishing sites were being hosted on domains that had HTTPS and SSL certificates, making it increasingly difficult to distinguish between the fake websites used by hackers and the secure and “safe” websites that are protected by these protocols.
Be Wary of Emails
The bottom line is that hackers are becoming more sophisticated in disguising themselves so they can lure unsuspecting targets into giving away their data. For instance, a recent phishing attack hit five universities and 23 companies by claiming to be an email from FedEx. Users who clicked on the email were directed to a Google Drive account that featured HTTPS certification. However, the website was a scam that installed malware on the user’s computer to mine personal data and email information.
This increasing trend shows that hackers are adding new tools to their tactics and modifying old scams like phishing to stay ahead of the curve. Phishing poses a big financial threat to businesses. Call or email us today to learn how the right cyber insurance can help mitigate this threat.