The Anti-Phishing Working Group (APWG) is the worldwide coalition unifying the global response to cyber-crime across industry, government and law-enforcement sectors. The information in this article is a description of what is trending, according to APWG recently published Phishing Activity Trends Report for 3rd Quarter 2016.

Phishing Activity Trends for 3rd Quarter 2016

  • The most targeted industry sector during the third quarter of 2016 continued to be the Retail/Service sector with Financial Services sitting in second place.
  • In Q3 2016, 200,000 new malware samples were captured per day.
  • The world’s most-infected countries are led by China, where 47.23% of computers are infected by malware, followed by Taiwan (43.38%) and Turkey (39.01%).
  • Scandinavian countries had the lowest percentages of infection.
  • The number of phishing websites observed in Q3 2016 by APWG decreased 25% from Q2 2016.
  • The number of brands targeted by phishers fell 17% from Q2 to Q3.

Hardest Hit Industry Sector

The Retail/Service sector continued to be the hardest hit for phishing attacks with 43% – the same figure as Q2 (note: This sector also includes music and e-commerce sites). Financial Services remained in second place for Q3 with 21% of attacks (an increase from 16% in Q2) and Payment Services came in at third place again with 10%.

Malware Infected Countries – 3rd Quarter 2016

PandaLabs (a member of APWG) reported an average of 200,000 new malware samples per day between July to September 2016, slightly less than in Q2. Trojans continued to be the most prevalent type of malware in the third quarter of 2016 accounting for 69.89% of new malware strains detected. PandaLabs analysis found that infections were caused by Trojans in 71.48% of cases, while PUPs (Potentially Unwanted Programs) ranked second, accounting for 23.45% of infections (slightly less than in Q2).

China had the highest malware infection rate, with 47.23%, whilst at the other end of the scale, Norway stole the trophy from Sweden, recording the lowest infection rate, at 19.73% (note: Most countries recorded a decrease in rate of infection for Q3, with the exception of Ecuador and Sweden, who had a slight increase).

Highest Ranked       Lowest Ranked
Ranking Country Infection Rate     Ranking Country Infection Rate
1 China 47.23%     41 Denmark 21.38%
2 Taiwan 43.38%     42 Japan 20.84%
3 Turkey 39.01%     43 Sweden 20.33%
4 Russia 37.86%     44 Finland 19.81%
5 Ecuador 37.21%     45 Norway 19.73%

Phishing Site Trends

The total number of unique phishing websites observed by APWG in Q3 was 364,424. This was a decrease of 25% from the 466,065 recorded in Q2 2016. It should be noted that Q2 represented record levels of phishing attacks, so the dip in Q3 is actually just bringing figures back to normal levels for this time of the year. The number of attacks detected per month fell from a high of 153,998 in April to 104,349 in August.

Unique phishing campaigns received by APWG from consumers – in which multiple users receive emails with a common subject line, directing them to a specific phishing site – also decreased with 229,251 reports submitted during Q3, compared to the much higher Q2 figure of 315,524 reports.

Brand-Domain Pairs Measurement – 3rd Quarter 2016

The chart below displays statistics based on brands phished, unique domains, unique domain/brand pairs, and unique URLs. A ‘brand/domain pair’ is a unique instance of a particular domain that is used to target a specific brand. Therefore, even if multiple URLs are targeting a brand, if they are hosted on the same domain, the brand/domain pair would be counted as one rather than many. If a greater number of unique URLs are found, compared to brand/domain pairs, it indicates that multiple URLs are being hosted on the same domain to target the same brand. Having this information is extremely useful to the brand being attacked, as it indicates approximately how many attacking domains need to be located and taken down.

Brand Attacks

In the third quarter of 2016, the number of brands targeted by phishers was between 340 and 361 per month. This is slightly less (17%) than in Q2, when between 411 and 425 brands were targeted each month, and coincides with an overall reduction in phishing attacks.