07-06-2014 04:47 AM - edited 07-06-2014 01:18 PM
We keep hearing about this phishing attack and that phishing attack, and also about the targets, it is interesting to see some figures to back up our assumptions.
By paganinip on July 6th, 2014
"The APWG report reveals that fifty percent of the number of phishing attacks targeted payment services in the first quarter. Payment services are once again the most targeted industry, attacks against the financial industry was about 20 percent of the time, other phishing attacks targeted ISP, gaming, auction, government and social networking industries.
The APWG report confirms that the US, once again, hosted the majority of phishing sites:
“The United States continued to be the top country hosting phishing sites during the first quarter of 2014. This is mainly due to the fact that a large percentage of the world’s Web sites and domain names are hosted in the United States. A spate of phishing hit Turkey-based hosters in February and March.” states the report."
07-06-2014 06:53 AM
07-06-2014 01:01 PM
Sadly, I was one of those hit, but in the 2nd quarter.
Helpful Webroot Links:
09-29-2014 01:36 PM
Thule following article is a update on APWG Phishing Activities
By Brian Prince on September 29, 2014
Phishers remain focused on compromising web servers that host large numbers of domains, according to the Anti-Phishing Working Group (APWG).
In a report on phishing attacks during the first half of 2014, the APWG identified 215 mass break-ins of this type, resulting in 24,662 phishing attacks. This represented 20 percent of the phishing attacks APWG analyzed worldwide during the period.
"Versus 2H2013, both break-ins (178 in 2H2013) and attacks (20,911 in 2H2013) were up noticeably," according to the AWPG report. "They resulted in about 20 percent of all phishing attacks, versus 18 percent in 2H2013. This trend is interesting and it is unclear whether these attacks are more effective and are thus being run more often to capitalize, or whether the technique is less effective so attackers need to launch more in order to reap the same number of credentials."
APWG identified sets of attacks by analyzing the IP addresses of the machines used the timing of the attacks and the telltale URL paths that the phish shared.
SecurityWeek/ full article here/ http://www.securityweek.com/phishers-hit-hosting-p