The total number of phishing sites detected by the Anti-Phishing Working Group in the period from July to September 2019 was 266,387. This figure is significantly higher than in the previous quarter – by almost 84,000. Such a high activity of cyberfraudsters was last detected by experts in the 4th quarter of 2016 (277.7 thousand). Although the indicator is rather frightening, researchers remind that the level of phishing last year broke the record for the entire monitoring period (APWG has been keeping records of such activity since 2004). In 2018, the total number of attacks exceeded 1.22 million.
According to the APWG report, more than 400 brands were attacked each month. In the previous quarter, this figure was 313. WebMail and Software as a Service (SaaS) were the primary targets of phisher attacks. Payment systems (21% of phishing attacks) and financial institutions (19% of phishing attacks) were the most affected by the scammers.
Another disappointing trend was identified by PhishLabs, the co-authors of the APWG report. According to their data, 68% of phishing sites use HTTPS – the highest rate in the last five years. Remember that the lock icon at the beginning of the browser’s address bar doesn’t guarantee that an online resource is harmless, but only indicates that connections are encrypted.