Digital Transactions Authoritative, insightful and timely information for payments professionals
It’s well-known by now that e-commerce activity is on a sharp upswing, but the underside of that trend is that fraud is rising fast, as well. Phishing attacks, for example, hit a record high in July, according to the Anti-Phishing Working Group, which on Monday released its report for the third quarter. The APWG has been tracking this online crime since 2003.
Overall, the number of attacks has “more than doubled since early 2020,” the APWG report says. Then, the group was seeing anywhere from 68.000 to 94,000 attacks each month.
The July volume of phishing attacks reached 260,642, then moderated somewhat in August and September, with totals of 255,385 and 214,345, respectively, The number of phishing email subjects and the number of brands targeted by these emails, however, both increased dramatically, with the former skyrocketing from 11,384 in July to 64,233 in September.
In phishing attacks, fraudsters build fake sites to copy popular consumer brands and then send out emails to consumers with subject lines aimed at luring the unwary into clicking on links back to the spurious sites, where visitors are gulled into entering card data. The number of legitimate brands targeted by these fraudsters increased from 522 in July to 715 in September. Such attacks can also mimic emails from other trusted sources, such as banks, app providers, and universities.
If nothing else, the latest report could be seen as an effort by the APWG to warn against complacency. “The number of phishing sites being reported to APWG is now 10 times what it was 10 years ago, back in late 2011,” notes Greg Aaron, a senior research fellow at the Cambridge, Mass.-based organization, in a statement. “Phishing has not decreased as the online environment has evolved. It remains a dangerous, effective, and profitable activity for cybercriminals.”
The business most targeted by phishers is software-as-a-service and webmail organizations, which accounted for just over 29% of attacks in the third quarter. Financial institutions came in second at nearly 18%, while payments firms accounted for 7.1%, ranking sixth. Interestingly, cryptocurrency firms are now firmly in phishers’ sights, accounting for 5.6% of attacks, up from 2% in the first quarter.The alarming rise of phishing attacks indicated in the latest report is part of a broader trend indicating a general increase in this fraud over at least the past two years , though it may have taken on more momentum with the jump in e-commerce since the onset of the pandemic. The volume of phishing attacks in the fourth quarter of 2019, for example, was consistently under 100,000 per month, according to the APWG.
