There was some good news and some bad news for the Internet-using public in early 2019. The good news is that the total number of conventional, spam-based phishing campaigns declined as 2018 came to a close, while the bad news is that users of software-as-a-service (SaaS) systems and webmail services are being increasingly targeted.
Number of phishing sites declines
According to the APWG’s Q4 2018 Phishing Activity Trends Report, the number of confirmed phishing sites declined as 2018 proceeded. The total number of phishing sites detected by APWG in 4Q was 138,328 – down from 151,014 in Q3, 233,040 in Q2, and 263,538 in Q1.
This general decline in the number of phishing campaigns as the year went on may have been a consequence of anti-phishing efforts – and/or the result of criminals shifting to more specialized and lucrative forms of e-crime than mass-market phishing.
There is growing concern that the decline may be due to under-detection. The detection and documentation of some phishing URLs has been complicated by phishers obfuscating phishing URLs with techniques such as Web-spider deflection schemes – and by employing multiple redirects in spam-based phishing campaigns, which take users (and automated detectors) from an email lure through multiple URLs on multiple domains before depositing the potential victim at the actual phishing site. APWG contributing member MarkMonitor continues to monitor this trend.
New preferred targets
Phishing that targeted SaaS and Webmail services jumped from 20.1 percent of all attacks in Q3 to almost 30 percent in Q4. Attacks against cloud storage and file hosting sites continued to drop, decreasing from 11.3 percent of all attacks in Q1 2018 to 4 percent in Q4 2018.
Researchers at APWG member PhishLabs observed that in the final quarter of 2018, the number of phishing attacks hosted on Web sites that have HTTPS and SSL certificates declined for the first time in history.
“Phishing sites using SSL decreased slightly in Q4 2018 compared with Q3 – down 3 percent to about 47 percent,” said John LaCour, Chief Technology Officer of PhishLabs. “However, it remains true that nearly half of phishing sites use digital certificates to makes attacks look more legitimate and avoid browser warnings.”