Business Email Compromise Attack Ransom Demands Via Wire Transfer Nearly Doubled From Q3 2020 — and Increased 14 percent from Q4 2020
CAMBRIDGE, Mass., June 9, 2021 (Newswire.com) – The APWG’s new Phishing Activity Trends Report reveals that phishing maintained near-record levels in the first quarter of 2021, after landmark increases of 2020 in which reported phishing websites doubled. The number of reported phishing websites peaked in January 2021 with an all-time high of 245,771 before declining later in the quarter. Still, March suffered more than 200,00 such attacks, the fourth-worst month in APWG’s reporting history.
“The APWG’s members are reporting more confirmed phishing attacks,” said Greg Aaron, Senior Research Fellow at the APWG, and the editor of the new report. “There are, however, many more attacks that are not reported in our data repository. That means these numbers are the floor, and that the situation out on the Internet is worse than the mounting numbers indicate.”
In related news, APWG contributing member Agari found that Business E-mail Compromise (BEC) scams are becoming more costly for some victims. The average wire transfer request in BEC attacks increased to $85,000 in Q1 2021, up from $48,000 in Q3 2020. Agari also tracked a new tactic being used by BEC scammers: the “aging report” scam.
“The attacker impersonates a company’s executive and simply requests a copy of a recent aging report from their accounting department, which contains a list of all unpaid customer accounts, as well as the names and email addresses of the primary customer contacts,” said Crane Hassold, Senior Director of Threat Research at Agari. “Once an attacker has received an aging report, he will then target the victim’s customers, requesting that they pay their overdue invoices to a new bank account controlled by the scammer.”
APWG contributor OpSec Security found that phishing that targeted financial institutions was the largest category of phishing in the first quarter, representing 24.9 percent of all attacks. OpSec also observed that that phishing against the social media sector ballooned to 23.6 percent of all attacks, up from 11.8 percent in Q4 2020.
Phishers are also deploying encryption to fool users into thinking that phishing sites are legitimate and safe. APWG contributor PhishLabs found that, in the first quarter of 2021, 83 percent of phishing sites had SSL encryption enabled. This number plateaued for the first time since PhishLabs began studying the numbers in 2015.
RiskIQ analyzed the use of domain names for phishing and analyzed several specific phishing campaigns. “As the global pandemic is not yet behind us, we must maintain and encourage vigilance against scammers who will continue to try and illegally profit by abusing the public’s interest in vaccination,” said Jonathan Matkowsky, Vice-President of Digital Risk at RiskIQ.
The full text of the report is available here: https://docs.apwg.org/reports/apwg_trends_report_q1_2021.pdf
For media inquiries related to the APWG:
Secretary General Peter Cassidy (email@example.com, +1.617.669.1123).
For company-specific content related to this release, please contact:
Stefanie Ellis at OpSesc Security (Stefanie.firstname.lastname@example.org);
Seth Knox of Agari (email@example.com, +1.650.627.7667);
Eduardo Schultze of Axur (firstname.lastname@example.org,+55 51 3012-2987);
Stacy Shelley of PhishLabs (email@example.com, +1.843.329.7824);
Holly Hitchcock of RiskIQ (firstname.lastname@example.org).
Founded in 2003, the Anti-Phishing Working Group, (APWG) is the global industry, law enforcement, and government coalition focused on unifying the global response to electronic crime. Membership is open to qualified financial institutions, online retailers, ISPs, ESPs, domain name registrars and registries, and telcos, the law enforcement community, solutions providers, security services providers, multi-lateral treaty organizations, research centers, trade associations and government agencies. There are more than 2,000 companies, government agencies and NGOs participating in APWG worldwide. APWG’s www.apwg.org and education.apwg.org websites offer the public, industry and government agencies practical information about phishing and electronically mediated fraud as well as pointers to pragmatic technical solutions that provide immediate protection. The APWG is co-founder and co-manager of the STOP. THINK. CONNECT. Messaging Convention, the global online safety public awareness collaborative and founder/curator of the Symposium on Electronic Crime Research, the world’s only peer-reviewed conference dedicated specifically to electronic crime studies. APWG advises hemispheric and global trade groups and multilateral treaty organizations such as the European Commission, the G8 High Technology Crime Subgroup, Council of Europe (Convention on Cybercrime), the United Nations (Office of Drugs and Crime), Organization for Security and Cooperation in Europe, Europol EC3 and the Organization of American States. APWG is a founding member of the steering group of the Commonwealth Cybercrime Initiative at the Commonwealth of Nations. Among APWG’s corporate sponsors are: Acronis, Afilias, AGARI, AhnLab, AT&T, Allure Security, AREA 1, AIT, Avast, Awayr AI, AXUR, Bolster, ByteDance, CaixaBank, Check Point, Cisco, CLARO, Cloudflare, CLOUDMARK, COFENSE, Coinbase, Comcast, CSC, CSIRT BANELCO, CSIS, CYREN, Cyxtera, CZ.NIC, DigiCert, DNS Belgium, DomianTools, Entrust Datacard, ESET, Facebook, FirstRand, Fortinet, FraudWatch, GetResponse, GMS Securidad, GoDaddy Registry, Group-IB, Hitachi Systems, ICANN, Infoblox, Ingressum, IQ Global, iThreat, Kaspersky, KnowBe4, Lenos Software, LINE, Looking Glass, LSEC, Mailshell, McAfee, Microsoft, Mimecast, NAVER, Netcraft, NetSTAR, Noblis, Nominet, Opera, OpSec Security, Palo Alto Networks, PANDI, PayPal, PhishLabs, Proofpoint, Rakuten, Red Sift, REDIRIS, RiskIQ, RSA, Salesforce, Secutec, SIDN, SlashNext, Sopos, SWITCH, Symantec, Thomsen Trampedach, ThreatSTOP, TNO, TrendMicro, Trustwave, Twilio, Vade, Verisign, Viettel Cyber Security, Webroot, workday, ZeroFOX, ZibaSec, ZIX, and zvelo.