Use of HTTPS protocol on phishing websites reaches record high.
TELECOMWORLDWIRE-May 23, 2019-Use of HTTPS protocol on phishing websites reaches record high
(C)1994-2019 M2 COMMUNICATIONS http://www.m2.com
According to the APWG's new Q1 2019 Phishing Activity Trends Report, users of Software-as-a-Service (SaaS) and webmail services are being targeted with increasing frequency, the company said.
The category became the biggest target in Q1, accounting for 36 percent of all phishing attacks, for the first time eclipsing the payment-services category which suffered 27 percent of attacks recorded in the quarter.
Online SaaS applications have become fundamental business tools, since they are convenient to use and cost-effective. SaaS services include sales management, customer relationship management (CRM), human resource, billing and other office applications and collaboration tools. "Phishers are interested in stealing logins to SaaS sites because they yield financial data and also personnel data, which can be leveraged for spear-phishing," said Greg Aaron, APWG Senior Research Fellow.
The total number of phishing sites detected in 1Q of 2019 was 180,768. That was up notably from the 138,328 seen in the fourth quarter of 2018, and from the 151,014 seen in the third quarter of 2018.
Payment Services and Financial Institution phishing continued to suffer a high number of phishing attacks. But attacks against cloud storage and file hosting sites continued to drop, decreasing from 11.3 percent of all attacks in the first quarter of 2018 to just 2 percent in the first quarter of 2019.
Meanwhile, cybercriminals deployed HTTPS-protected phishing websites in record numbers, according to PhishLabs, posting a record high of nearly 60 percent of detected phishing websites in 1Q 2019 employing this data encryption protocol. Phishers turn this security utility against users, leveraging the HTTPS protocol's padlock icon that appears in the browser address bar to assure users that the website itself is trustworthy.
Founded in 2003, the Anti-Phishing Working Group, (APWG) is the global industry, law enforcement, and government coalition focused on unifying the global response to electronic crime.
((Comments on this story may be sent to email@example.com))
|Printer friendly Cite/link Email Feedback|
|Date:||May 23, 2019|
|Previous Article:||ADTRAN SmartOS platform leverages super-vectoring to deliver ultra-broadband Wi-Fi Services.|
|Next Article:||Swisscom moves mainframe workload to LzLabs cloud.|