Phishing of SaaS and Webmail Brands Surpasses Phishing Attacks on Payment Brands for the First Time
Use of HTTPS Protocol on Phishing Websites Reaches Record High
According to the APWG’s new Q1 2019 Phishing Activity Trends Report, users of Software-as-a-Service (SaaS) and webmail services are being targeted with increasing frequency. The category became the biggest target in Q1, accounting for 36 percent of all phishing attacks, for the first time eclipsing the payment-services category, which suffered 27 percent of attacks recorded in the quarter.
Online SaaS applications have become fundamental business tools, since they are convenient to use and cost-effective. SaaS services include sales management, customer relationship management (CRM), human resources, billing and other office applications and collaboration tools. “Phishers are interested in stealing logins to SaaS sites because they yield financial data and also personnel data, which can be leveraged for spear-phishing,” said Greg Aaron, APWG Senior Research Fellow.
Stefanie Ellis, AntiFraud Product & Marketing Manager at MarkMonitor, said, “The total number of confirmed phishing sites increased in early 2019, with the biggest jump in March.”
The total number of phishing sites detected in 1Q of 2019 was 180,768. That was up notably from the 138,328 seen in the fourth quarter of 2018, and from the 151,014 seen in the third quarter of 2018.
The payment-services and financial-institution categories continued to suffer a high number of phishing attacks. But attacks against cloud storage and file hosting sites continued to drop, decreasing from 11.3 percent of all attacks in the first quarter of 2018 to just 2 percent in the first quarter of 2019.
Meanwhile, cybercriminals deployed HTTPS-protected phishing websites in record numbers: according to PhishLabs, nearly 60 percent of the phishing websites detected in 1Q 2019 employed this data encryption protocol, a record high. Phishers turn this security utility against users, leveraging the padlock icon that HTTPS puts in the browser address bar to assure users that the website itself is trustworthy.
“In Q1 2019, 58 percent of phishing sites were using SSL certificates, a significant increase from the prior quarter where 46 percent were using certificates,” said John LaCour, CTO of PhishLabs. “There are two reasons we see more. Attackers can easily create free DV (Domain Validated) certificates, and more web sites are using SSL in general. More web sites are using SSL because browsers warn users when SSL is not used. And most phishing is hosted on hacked, legitimate sites.”
Also in this quarter’s Trends report: APWG contributor Axur documents phishing trends in Brazil, and researchers at APWG member PhishLabs document a significant increase in the use of SSL certificates on phishing web sites.