Both consumer-facing phishing scams and business-targeted spear-phishing rose in 2015, according to a new Anti-Phishing Working Group (APWG) report on the global state of Internet security report, released Thursday.
Phishers have increased cyber attacks on Internet Service Providers (ISPs) this year to gain access to users’ email accounts, private and identifiable information, credit card details and access to domain names. ISPs are now the most targeted industry sector for phishing scams, followed by the payment and financial services industry, according to the APWG report.
Cybercriminals have also increased their attacks on companies by perpetuating wire fraud scams, or Business Email Compromise (BEC) scams. For example, a scam might target the financial controller of an organization to trick them into transferring money into a criminal’s bank account.
“BEC scams seek to socially engineer the employees of a business,” states Carl Leonard, principal security analyst and APWG member. “The attacks use a form of spear-phishing, and initial attacks sent the spear-phishing emails from free domain names that closely resembled the victim company's domain name. Later attacks used a forged "from" address that matched the victim’s domain. We strongly encourage that businesses educate their employees about the dangers of these scams and implement technologies that intercept the incoming emails.”
BEC attacks rose 270% from January to August 2015, according to the Federal Bureau of Investigation.
At any given point this year, around a third of global computers were infected with malware, per the APWG. In the first quarter of 2015, 26.51% of computers were infected in, with 32.21% in second-quarter 2015 and 32.12% in third-quarter 2015.
The APWG detected 630,494 phishing sites between the first quarter and third quarter of 2015. The majority of hosted phishing sites originate from the United States, which ranked as the top hosting country in eight of the nine months analyzed for the report. Belize outranked the United States in September when it hosted 52.65% of phishing sites, compared to 36.69% in the United States. The United Kingdom came in at a percentage far behind in third place, hosting less than 1% of phishing sites.
The APWG was founded in 2003 as a global coalition to respond to cybercrime. Its global membership now contains more than 1800 institutions across industry, government, law-enforcement and the private sector.