/dq/media/agency_attachments/UPxQAOdkwhCk8EYzqyvs.png)
Follow Us/dq/media/post_banners/wp-content/uploads/2019/04/Computer-Hacking-Security-Internet-Hacker-Virus-3480124.jpg)
According to the latest APWG report, during the last quarter (Q4) of 2018, the phishing attacks targeting SaaS (software as a service) and web-mail services doubled. However, phishing activity during this quarter saw a decline in the number of phishing sites. This is probably due to greater sophistication employed by cyber criminals that have come to use multiple re-directions, which makes it more difficult to identify confirmed phishing sites.
The APWG report states that the number of unique phishing reports it received during Q4 of 2018 was 239,910, which was slightly lower from the 264,483 in 3Q and the 262,704 seen in Q2. The number of phishing attacks hosted on websites with HTTPS and SSL certificates also registered a reduction in Q4. The report, however, suggests that phishing is still the most prevalent in the old gTLD.COM (Top Level Domain).
Target Segments
In the last quarter of 2018, the Payments segment was the worst hit, registering 33% of the total phishing attacks, followed by SAAS / Webmail at 29.8%, Financial at 14.3%, Cloud Storage / File Hosting at 4.0%, Telecom at 3.2%, Logistics/Shipping at 3.0%, and the other categories put together at 12.9%.
Phishing to Steal Information
Phishing is a form of social engineering that cyber criminals are increasingly using to steal customers' personal information including name, address, phone number, bank account number, credit card details, and passwords. The common mechanism employed to lure customers into sharing their personal information is through spoofed emails seemingly originating from legitimate companies. The customers must click a URL which redirects them to a fake website, where they are tricked into sharing their personal details. Another common mechanism is through planting malware onto the victim's device to steal the information about online accounts and passwords.
Phishers often use digital certificates in the counterfeit sites to make them look legitimate. The dark web is full of phishing kits that aspiring criminals can buy, rather cheaply, and use to set up a fake website, send out messages to prospective victims and collect all of the data.
Be Vigilant
Phishers target unsuspecting customers to trick them into sharing their details which are later used for numerous types of cyber crimes. Therefore, the next time you get an unsolicited email from your bank or any other agency, check with them before clicking any URL. Be cautious, be safe.