Phishers increasingly targeting cloud storage and SaaS

The Anti-Phishing Working Group (APWG) has been tracking notable increases in phishing campaigns that target SAAS/webmail providers, as well as increased attacks on financial / banking targets and cloud storage and file-sharing sites. But banks remain the most popular targets, with phishers stealing customers’ online banking credentials.

phishing saas

APWG member MarkMonitor detected phishing attacks targeting 454 organizations in the fourth quarter of 2017, and 60 percent of those organizations were financial institutions.

The total number of phish detected in Q4 was 180,577, which included the holiday season, a traditionally high period of the year for phishing. That was down from 190,942 in 3Q 2017. However, the activity varied by region.

Axur, the APWG’s observer in Brazil, detected a triple-digit percentage increased in Internet frauds, including phishing and social media based scams in South America’s largest economy. “We detected the first phishing attacks in Brazil that led people to malware that mined Monero/XMR cryptocurrency for criminals,” said Fabio Ramos, CEO of Axur.

Phishers also continue to fool Internet users into complacency by using HTTP protection on phishing sites. Phishers are obtaining free HTTPS encryption certificates in order to execute these attacks, which lulls users into thinking that the sites are run by legitimate businesses and are safe to transact with.

phishing saas

In November 2017, APWG contributor PhishLabs conducted an informal poll to see how many people actually knew the meaning of the green padlock displayed in Web browsers, which indicates that a Web site is protected by HTTPS. More than 80 percent of the respondents believed the green lock indicated that a website was either legitimate and/or safe—neither of which is true.

By early 2018, more than 30 percent of phishing took place on HTTPS Web sites.