Phishing attacks rise to highest level since 2004

The Anti-Phishing Working Group (APWG) observed more phishing attacks in the first quarter of 2016 than at any other time in history. According to a new report, the total number of unique phishing websites observed in Q1 2016 was a record 289,371, with 123,555 of those phishing sites detected in March 2016.

Those quarterly and monthly totals are the highest the APWG has seen since it began tracking and reporting on phishing in 2004.

There was a 250 percent increase in phishing sites between October 2015 and March 2016. “We always see a surge in phishing during the holiday season, but the number of phishing sites kept going up from December into the spring of 2016,” said Greg Aaron, APWG Senior Research Fellow.

APWG Chairman Dave Jevans said, “Globally, attackers using phishing techniques have become more aggressive in 2016 with keyloggers that have sophisticated tracking components to target specific information and organizations such as retailers and financial institutions that top the list.”

In the Q1 Trends Report, APWG found that the Retail / Service sector continued to be the most heavily attacked. APWG member MarkMonitor observed more attacks targeting cloud-based or SAAS companies, which drove significant increases in the Retail/Service sector. Financial and Payment targets were also heavily targeted as usual.

Ransomware continues to be another increasing threat, with APWG members Forcepoint and PandaLabs seeing increasing numbers of ransomware infections in early 2016. According to Carl Leonard, Principal Security Analyst at Forcepoint: “The onslaught of ransomware has not abated in 2016. Ransomware authors exhibited a willingness to adjust their scare tactics and software in Q1 2016 as they sought to scam more end-users. The takeaway is clear – ransomware authors are more determined and aggressive in 2016. End-users should be aware of the danger and take preventative measures.”