Phishing activity trends for 2021

The APWG Phishing Activity Trends report for the first quarter of 2021 paints a grim picture.

According to the report, the number of phishing websites peaked in January 2021, reaching record-setting highs of 245,771.

While phishing-related scams dwindled later in the quarter, March saw well over 200,000 incidents, the 4th highest number ever reported by APWG.

This image has an empty alt attribute; its file name is GWmJWbx0h0cBzpauvbh5xyLCyQP_e7cghVVprliuE17IHPNQNeCgupQIUBUbqZkpyjauPt0qd2xNx57Yc-9AwFdSsAEZHZx8rarB64bpfCka3cMyEcXOZ6O7JQ7gDdfc0Vuj0rhH=s0

Image Source APWG

Most Targeted Industries

Financial institutions remain the prime target of phishing attacks, with incidents shooting from 22.5% in the fourth quarter of 2020 to 24.9% in the first quarter of 2021.

Social media websites come in a close second, with attacks rising from 11.8% in the fourth quarter of 2020 to 23.6% in the first quarter of 2021.

Other industries that record frequent phishing attacks include SaaS/webmail (19.6%), payment (8.5%), e-Commerce/retail (7.6%), and logistics/shipping (5.8%).

This image has an empty alt attribute; its file name is jNVcX71KVLADJKGlFdZ1EVY9WTSu637HBugDJphU8rTeYXp4qpjnHBTWvED0PoE_JM4vpOWO_Wp39i0aMV-ftKIRXnUmxcVs_CPsC8QaG7mtqpeacwiiwqxWIZ_3XyIU4fIM9jPB=s0

Image Source APWG

The report also noted that phishing attacks were increasingly targeting cryptocurrency sites breaking the 2% barrier for the first time, understandably due to the rise of popularity in cryptocurrencies such as Bitcoin and Ethereum.

Further, the APWG report found that vishing – a form of phishing advertised through voice messages and smishing – phishing broadcasted in SMS messages – is increasing in multiple industries.

Methods Used to Conduct Phishing Scams

Phishing scammers employ a variety of tactics to carry out attacks. Top methods as per the APWG report include:

Business e-Mail Compromise (BEC)

The emergence of Business e-Mail Compromise (BEC) scams is causing unprecedented loss of billions of dollars by businesses and organizations, small and large.

A BEC scam involves a cybercriminal masquerading as an employee or trusted third party using a compromised e-mail account to hoodwink an employee into sending them money.

The APWG report says BEC scams rose by 14% from $75,000 in the fourth quarter of 2020 to $85 000 in the first quarter of 2021.

54% percent of BEC scammers requested money in the form of gift cards, a 10% decline from the last quarter of 2020. The remaining 46% used payroll diversions, bank transfers, and “financial aging requests” tactics.

This image has an empty alt attribute; its file name is 18IHTRVulWSxbvFw9n1xdMUBAhJW7XQ3hoddd1tv4VGoTJiMZvPvzF0vXTWWdfOzYnz6AYrBN1Nqe-m2C1UB2cZs5gMSZ0DfBpKU-UrNsRaIYyhWeUL0F_EUqclY1p7z-k7Mv58w=s0

Image Source APWG

In a financial aging request, the hacker masquerades as an executive and requests for a list of debtors and their personal information from an employee of the targeted company, typically someone in the accounts department.

With this information, the scammer can then trick the debtors into channeling the payments to a new bank that they control.

Financial aging requests account for 10% of all BEC scams, according to the APWG’s report.

HTTPS Encryption

PhishLabs, a contributor to the APWG report, found that 83% of phishing websites use HTTPS encryption to dupe victims.

According to John LaCour, PhishLabs’ CTO, 94.5% of all TLS certificates used to carry out phishing scams in the first quarter of 2021 were “Domain Valid.”

HTTPS, at its core, serves as an assurance that the site a user is browsing is safe by encrypting the data exchanged between the person’s browser and the website.

Therefore, an unsuspecting target will without hesitation give out their personal data, including passwords or credit card information, on an HTTPS-encrypted site, effectively falling prey to phishing scammers.

This image has an empty alt attribute; its file name is UccCwGf_RwJK9GBDRDlXJ7y38x6GcvPbPp4ZjtKBkshRnaznBl8K0dA4HxkUl4DhQPg90Lp1EiFbH1L9MCTmuHXgB7YGZZJc7VFk6iYaBcVG-HCk3EEqsgwnlSazL491eLcEk_b7=s0

Image Source APWG

It is worth noting that 73% of BEC scams in the last quarter of 2020 used domain names registered at Public Domain Registry (PDR) and Namecheap, a 12% increase from the third quarter.

Domain Spoofing

Domain spoofing occurs when scammers use a company’s domain name to impersonate the organization or one of its employees. In most cases, a spoof site uses logos or an accurate replica of visual design to imitate the branding of a business or company.

The attackers send e-mails with false domain names to make them appear legitimate or create websites with slightly altered characters.

The scammers can also prompt targets to enter their financial details or other sensitive information by making them trust they’re sending the data to the right place.

The APWG report revealed that 2,134 out of 3,054 phishing URLs reported to the organization were unique and hosted on second-level domains.

According to the research, Top Level Domains (TDLs) with the most unique second-level domains used for phishing attacks in the first quarter of 2021 were as follows:

This image has an empty alt attribute; its file name is 9fnq8_iwQuBWQVmTI6R5SddVuqFrLlemIvjRQqXQp5IVSSfxGGkrCfxsmvUnqRaB7oRezJyzWB259-t2tof5d7uSrez3q-l3OLP7fjZ_thRvVtlQcoUTYHBSlhs6vjzsB3OyIp03=s0

Image Source APWG

In Conclusion

Phishing remains one of the top threats when it comes to breaches.

While the increase in phishing attacks correlates with the rise of remote work thanks to the raving Covid-19 pandemic, there’s every reason to remain vigilant.

Further, it would be best to invest in a solution that can help your organization monitor, intercept and redact sensitive data as a way of dealing with phishing attacks.