Apwg Trends Report Q2 2020 PRODUCTION
Phishing Activity Trends Report2 Quarter2020ndUni f yin g th eGlo bal Res po ns eTo C yb er cr im eTable of ContentsStatistical Highlights for 2nd Quarter 20173Phishing E-mail Reports and Phishing Site Trends4Brand-Domain Pairs Measurement5Brands & Legitimate Entities Hijacked byE-mail Phishing Attacks6Use of Domain Names for Phishing7-9Phishing and Identity Theft in Brazil10-11Most Targeted Industry Sectors12APWG Phishing Trends Report Contributors13Activity April-June 2020Published 27 August 2020
Phishing Activity Trends Report, 2nd Quarter 2020Phishing Report ScopeThe APWG Phishing Activity Trends Report analyzesphishing attacks and other identity theft techniques, asreported to the APWG by its member companies, itsGlobal Research Partners, through the organization’swebsite at http://www.apwg.org, and by e-mailsubmissions to reportphishing@antiphishing.org. APWGmeasures the evolution, proliferation, and propagation ofidentity theft methods by drawing from the research ofour member companies and industry experts.Cybercrime Gangs Attempting andAchieving Heists of Increasing ScalePhishing DefinedPhishing is a crime employing both social engineering andtechnical subterfuge to steal consumers’ personal identitydata and financial account credentials. Social engineeringschemes prey on unwary victims by fooling them intobelieving they are dealing with a trusted, legitimateparty, such as by using deceptive email addresses andemail messages. These are designed to lead consumers tocounterfeit Web sites that trick recipients into divulgingfinancial data such as usernames and passwords.Technical subterfuge schemes plant malware ontocomputers to steal credentials directly, often usingsystems that intercept consumers’ account user namesand passwords or misdirect consumers to counterfeitWeb sites.Phishing Activity Trends Summary The average wire transfer loss from Business EmailCompromise (BEC) attacks is increasing: Theaverage wire transfer attempt in the secondquarter of 2020 was 80,183, up notably from 54,000 in the first quarter. A Russian BECoperation has been targeting companies for anaverage of 1.27 million. [pp. 6-8] The number of phishing sites detected in thesecond quarter of 2020 was 146,994, down fromthe 165,772 observed in the first quarter. [p. 3] Phishing that targeted webmail and Software-as-aService (SaaS) users continued to be biggestcategory of phishing. Attacks targeting the SocialMedia sector increased in Q2 about 20 percentover Q1, primarily driven by targeted attacksagainst Facebook and WhatsApp. [p. 5] 78 percent of all phishing sites now use SSLprotection. [p. 11] After an explosion in 2019 and into early 2020,phishing in Brazil dropped back slightly. Whenphishers there registered domains names for theirattacks, most of those domains did not containnames of the target companies, or a compellingcatchword designed to fool people. [p. 9]Table of ContentsStatistical Highlights for 1st Quarter 20203Most-Targeted Industry Sectors5Business E-Mail Compromise (BEC)6Online Criminal Activity in Brazil9How Phishers Use Encryption to Fool Users11APWG Phishing Trends Report Contributors132Phishing Activity Trends Report2nd Quarter 2020www.apwg.org info@apwg.org
Phishing Activity Trends Report, 2nd Quarter 2020Statistical Highlights for 2nd Quarter 2020AprilM ayJuneNumber of unique phishing Web sites detected48,95152,00746,036Number of unique phishing e-mail reports (campaigns)43,28239,90844,497364352363received by APWG from consumersNumber of brands targeted by phishing campaignsAPWG’s contributing members report phishing URLs into APWG, and study the ever-evolving natureand techniques of cybercrime. The APWG tracks the number of unique phishing Web sites, a primarymeasure of phishing across the globe. This is determined by the unique base URLs of the phishing sites.(A single phishing site may be advertised as thousands of customized URLs, all leading to basically thesame attack destination.)The total number of phishing sites detected in the second quarter of 2020 was 146,994. That was down 11percent from the 165,772 in Q1 2020.Phishing Sites, 0,0000JanFeb3Phishing Activity Trends Report2nd Quarter 2020www.apwg.org info@apwg.orgMarAprMayJun
Phishing Activity Trends Report, 2nd Quarter 2020The APWG also tracks the number of unique phishing reports (email campaigns) it receives fromconsumers and the general public. An e-mail campaign is a unique e-mail sent out to multiple users,directing them to a specific phishing web site (multiple campaigns may point to the same web site).APWG counts unique phishing report e-mails as those found in a given month that have the same emailsubject line. The number of these unique phishing reports submitted to APWG during 2Q2020 was127,787. The numbers are generally comparable to previous quarters: 139,685 in 1Q2020, 132,553 in4Q2019, 122,359 in 3Q2019, and 112,163 in 2Q2019. These were phishing emails submitted to APWG, andthe total does not count phishing URLs reported by APWG members directly into APWG’s eCrimeExchange.4Phishing Activity Trends Report2nd Quarter 2020www.apwg.org info@apwg.org
Phishing Activity Trends Report, 2nd Quarter 2020Most-Targeted Industry Sectors – 2nd Quarter 2020In the second quarter of 2020, APWG member OpSec Security found that SaaS and webmail sitesremained the biggest targets of phishing, with more than 35% of all attacks. “In Q2 we detected a slightlyhigher concentration of attacks on the top targeted industries, with specific increases over Q1 inSAAS/Webmail and Social Media targets,” noted Stefanie Wood Ellis, Anti-Fraud Product & MarketingManager at OpSec Online. “Attacks targeting the Social Media sector increased in Q2 about 20 percentover Q1, primarily driven by targeted attacks against Facebook and WhatsApp.”OpSec Online (formerly founding APWG member MarkMonitor) offers world-class brand protectionsolutions.MOST-TARGETED INDUSTRY SECTORS,2H2020SAAS /Webmail,34.7%Cloud Storage / FileHosting, 2.9%Logistics /Shipping, 3.5%Other, 10.9%eCommerce /Retail, 7.5%Social Media,10.8%5Phishing Activity Trends Report2nd Quarter 2020www.apwg.org 8%
Phishing Activity Trends Report, 2nd Quarter 2020Business e-Mail Compromise (BEC), 2nd Quarter 2020APWG member Agari tracks the identity theft technique known as “business e-mail compromise” or BEC.In a BEC attack, a scammer targets employees who have access to company finances, usually by sendingthem email from fake or compromised email accounts (a “spear phishing” attack). The scammerimpersonates a company employee or other trusted party, and tries to trick the employee into sendingmoney. The attacker may prepare by spending weeks inside the organization’s network and accounts,studying the organization’s vendors, billing system, and even the CEO’s style of communication. BECattacks have caused aggregate losses in the billions of dollars, at large and small companies.Agari examined thousands of attempted BEC attacks it observed during Q2. Agari counts BEC as anyresponse-based spear phishing attack that involves the impersonation of a trusted party (a companyexecutive, vendor, etc.) to trick a victim into making a financial transaction or sending sensitive materials.Agari protects organizations against phishing, BEC scams, and other advanced email threats.Agari found that scammers requested funds in the form of gift cards in 66 percent of BEC attacks. About16 percent of attacks requested payroll diversions, down from 25 percent in 3Q2019. 18 percent requesteddirect bank transfers.The amount of money that an attacker can make by getting gift cards is significantly less than he can getwith a wire transfer. During the second quarter of 2020, the average amount of gift cards requested byBEC attackers was 1,213, down from 1,453 in the first quarter of 2020. Scam attempts around this dollaramount may have a decent chance of success, because they can be approved by multiple people in amedium-to-large company, and the amount is small enough to slip by some companies’ financial controls.Gift cards for eBay, Google Play, Apple iTunes, and Steam Wallet made up 70 percent of gift card requestsin the second quarter.On the other hand, BEC attacks that ask for wire transfers are pursuing much larger amounts. Theaverage BEC wire transfer attempt requested in the second quarter of 2020 was for 80,183, up notablyfrom 54,000 in the first quarter.About 72 percent of BEC attacks in Q2 were sent from free webmail accounts, up from 61 percent in Q1.Half of all BEC attacks sent from free webmail providers used Gmail. Notably, BEC attackers used severalservices in the Czech Republic, including Seznam.cz, Email.cz, and Post.cz:6Phishing Activity Trends Report2nd Quarter 2020www.apwg.org info@apwg.org
Phishing Activity Trends Report, 2nd Quarter 2020FREE WEBMAIL PROVIDERS USEDIN BEC ATTACKS, 5%Naver3%Post.cz3%Hotma Gmail50%Other20%Nearly a quarter (24%) of BEC attacks in 2Q202 were sent from email accounts hosted on domainsregistered by scammers. More than three quarters (76%) of those domains were registered at just fivedomain registrars: Namecheap (25%), Google (20%), Public Domain Registry (PDR) (17%), NameSilo (7%),and Tucows (7%).REGISTRARS USED TO REGISTER BECDOMAINS, 7Phishing Activity Trends Report2nd Quarter 2020www.apwg.org info@apwg.orgGoogle20%
Phishing Activity Trends Report, 2nd Quarter 2020According to Crane Hassold, Agari’s Senior Director of Threat Research, Russian cybercriminals havebeen using BEC attacks recently. Agari has given the code-name “Cosmic Lynx” to the first documentedRussian BEC group, which is one of the most important BEC groups outside of West Africa, where manyBEC attacks are launched. “We were expecting that Russian cybercriminals would move into the world ofBEC because the return on investment for basic social engineering attacks is much higher than launchingmore sophisticated (and more expensive) malware-based attacks,” said Hassold.Agari has observed more than 200 BEC campaigns linked to Cosmic Lynx since July 2019, which havetargeted individuals in 46 countries on six continents. Cosmic Lynx attacks large multinationalorganizations, many of which are Fortune 500 and Global 2000 companies. Cosmic Lynx employs a dualimpersonation scheme. The pretext of their attacks is that the target organization is preparing to close anacquisition with an Asian company as part of a corporate expansion.First Cosmic Lynx impersonate a company’s CEO, asking the target employee to work with “externallegal counsel” to coordinate the payments needed to close the acquisition. Then Cosmic Lynx hijacks theidentity of a legitimate attorney at a UK-based law firm, whose supposed job it is to facilitate thetransaction. The final stage of a Cosmic Lynx BEC attack is getting the target to send payments to muleaccounts controlled by the group.The average amount requested by Cosmic Lynx in its attacks is an astounding 1.27 million.Above: the locations of Cosmic Lynx targets8Phishing Activity Trends Report2nd Quarter 2020www.apwg.org info@apwg.org
Phishing Activity Trends Report, 2nd Quarter 2020Online Criminal Activity in BrazilAPWG member company Axur is located in Brazil and concentrates on protecting companies and theirusers in Brazil from Internet-based threats. Axur especially monitors attacks against banks, technologyfirms, airlines, and online marketplaces located in the country. Axur’s data shows how criminals areperpetrating identity theft in South America’s largest economy, and shows how these incidents are both alocal and international problems.In the second quarter of 2020, Axur observed 9,572 unique phishng cases in Brazil, down from 10,910 inthe first quarter, but far above the 8,782 seen in the fourth quarter of 2019, the 52,97 in Q2 of 2019, and the3,220 cases from 1Q2019. In other parts of the world, phishing did not leap so dramatically during thesame time period.Phishing Attacks Detected in Brazil, 005000The decrease in cases of digital fraud in June 2020 was most evident the banking and financial sector, asshown below. This dip also occurred between May and June of 2019. Even so, the banking and financialsector is still the primary target of phishing attacks in Brazil.9Phishing Activity Trends Report2nd Quarter 2020www.apwg.org info@apwg.org
Phishing Activity Trends Report, 2nd Quarter 2020PHISHING ATTACKS BY SECTOR, BRAZIL, 2Q20192Q2020Frequent-flyer programs/AirlinesOtherE-commerceBanks/Financial 698034771092133064656014811685016017JUN- JUL-19 AUG- SEP-19 7215861365976557133614910584651353288814055DEC- JAN-20 FEB-20 MAR19207506551022APR-MAY-JUN-202020329880320When phishers registered domains names for their attacks, Axur found that 58 percent of those domainsdid not contain brand names (the names of the target companies), and did not contain a compellingcatchword (like “accountupdate“ or “sale”) designed to fool consumers. This shows phishers trying toavoid detection, because telltale words in domain names are easier for defenders to find.10Phishing Activity Trends Report2nd Quarter 2020www.apwg.org info@apwg.org
Phishing Activity Trends Report, 2nd Quarter 2020How Phishers Use Encryption to Fool VictimsAPWG contributor PhishLabs has been tracking how many phishing sites are protected by the HTTPSencryption protocol. HTTPS is used to secure communications by encrypting the data exchanged betweena person’s browser and the web site he or she is visiting. HTTPS is especially important on sites that offeronline sales or password-protected accounts. Studying HTTP on phishing sites provides insight into howphishers are fooling Internet users by turning an Internet security feature against them. PhishLabsprovides managed security services that help organizations protect against phishing attacks targetingtheir employees and their customers.% of Phishing Attacks Hosted on HTTPS90%% OF PHISHING 4Q1Q2Q3Q4Q1Q22016 2017 2017 2017 2017 2018 2018 2018 2018 2019 2019 2019 2019 2020 2020QUARTER“The number of phishing sites using TLS continues to increase,” said John LaCour, Founder and CTO ofDigital Risk Protection company PhishLabs. “Most web sites—good and bad—now use TLS. Phishers arehacking into legitimate web sites and placing their phishing files on those compromised sites.”In the second quarter of 2020, the percentage of phishing sites using SSL/TLS certificates increased slightlyto 77.6 percent, up from 74 percent the prior quarter. 36.2 percent of all certificates seen in phishingattacks during the quarter were issued by the certificate authority Let’s Encrypt, which issues freecertificates.11Phishing Activity Trends Report2nd Quarter 2020www.apwg.org info@apwg.org
Phishing Activity Trends Report, 2nd Quarter 2020“The vast majority of certificates used in phishing attacks — 91 percent — are Domain Validated (“DV”)certificates,” noted LaCour. “Interestingly, we found 27 web sites that were using Extended Validation(“EV”) certificates.” This use of Extended Validation certificates is a serious business. The point of anExtended Validation certificate is that they require verification of the requesting entity's legal identitybefore the certificate is issued. In the sites detected, hackers didn’t manage to get EV certificatesthemselves – they hacked web sites that already had them.12Phishing Activity Trends Report2nd Quarter 2020www.apwg.org info@apwg.org
Phishing Activity Trends Report, 2nd Quarter 2020APWG Phishing Activity Trends Report ContributorsAgari protects organizationsagainst phishing, business emailcompromise (BEC) scams, andAxur works to identify and fightthe threats in the cyberspace thatinterfere with the interests ofother advanced email threats.companies, governments, andOpSec Online (formerlythreat intelligence and mitigationfounding APWG memberMarkMonitor ), offers world classbrand protection solutions.individuals.PhishLabs provides managedservices that protect brands,customers, and the enterprisefrom digital risks.Illumintel provides intelligence,analysis, due diligence, and publicpolicy advising in the areas ofcybersecurity and Internet-basedcommerce.RiskIQ is a digital threatmanagement company enablingorganizations to discover,understand and mitigate known,unknown, and malicious exposureacross all digital channelsAbout the APWGFounded in 2003, the Anti-Phishing Working Group (APWG) is a not-for-profit industry association focused oneliminating the identity theft and frauds that result from the growing problem of phishing, crimeware, and email spoofing. Membership is open to qualified financial institutions, online retailers, ISPs, solutions providers,the law enforcement community, government agencies, multi-lateral treaty organizations, and NGOs. There aremore than 2,000 enterprises worldwide participating in the APWG.APWG maintains it public website, http://www.antiphishing.org ; the website of the STOP. THINK.CONNECT. Messaging Convention http://www.stopthinkconnect.org and the APWG’s research website http://www.ecrimeresearch.org . These are resources about the problem of phishing and Internet frauds– andresources for countering these threats. The APWG, a 501(c)6 tax-exempted corporation, had its first meeting inNovember 2003 in San Francisco, and was incorporated in 2004 as an independent corporation controlled by itsboard of directors, its executives and its steering committee.The APWG Phishing Activity Trends Report is published by the APWG. For further information about the APWG, please contactAPWG Deputy Secretary General Foy Shiver (foy@apwg.org, 1.404.434.728). For media inquiries related to the companycontent of this report, please contact APWG Secretary General Peter Cassidy (pcassidy@apwg.org, 1.617.669.1123); StefanieEllis at OpSec Security (Stefanie.ellis@markmonitor.com); Jean Creech of Agari (jcreech@agari.com, 1.650.627.7667); EduardoSchultze of Axur (eduardo.schultze@axur.com, 55 51 3012-2987); Stacy Shelley of PhishLabs (stacy@phishlabs.com, 1.843.329.7824); Kari Walker of RiskIQ (Kari@KariWalkerPR.com, 1.703.928.9996). Analysis and editing by Greg Aaron,13 Illumintel Inc., www.illumintel.comPhishing Activity Trends Report2nd Quarter 2020www.apwg.org info@apwg.org
Phishing Activity Trends Report 2nd Quarter 2020 www.apwg.org info@apwg.org 4 Phishing Activity Trends Report, 2nd Quarter 2020 The APWG also tracks the number of unique phishing reports (email campaigns) it receives from consumers and the general public. An e-mail campaign is a unique e-mail sent out to multiple users,
Phishing Activity Trends Report 3rd Quarter 2020 www.apwg.org info@apwg.org 4 Phishing Activity Trends Report, 3rd Quarter 2020 0 50,000 100,000 150,000 200,000 250,000 Aug-19 Sep-19 Oct-19 Nov-19 Dec-19 Jan-20 Feb-20 Mar-20 Apr-20 May-20 Jun-20 Jul-20 Aug-20 Sep-20 Phishing Activity, 3Q 2019 to 3Q 2020 Phishing sites Unique email subjects .
Phishing Activity Trends Report, 4th Quarter 2015 ! The Retail / Service sector became the most-targeted industry sector in the fourth quarter of 2015, with 24.03 percent of attacks, followed closely by Financial Services. In the first three quarters of 2015, ISPs had been the most-targeted industry segment.
Trends in Care Delivery and Community Health State Public Health Leadership Webinar Deloitte Consulting LLP June 20, 2013. . Current state of Accountable Care Organizations (ACOs) and trends. Current state of Patient-Centered Medical Homes (PCMHs) and trends. Introduction.File Size: 2MBPage Count: 38Explore further2020 Healthcare Trends and How to Preparewww.healthcatalyst.comFive Health Care Trends For 2020 Health Affairswww.healthaffairs.orgTop 10 Emerging Trends in Health Care for 2021: The New .trustees.aha.orgRecommended to you b
EU Tracker Questions (GB) Total Well Total Badly DK NET Start of Fieldwork End of Fieldwork 2020 15/12/2020 16/12/2020 40 51 9-11 08/12/2020 09/12/2020 41 47 12-6 02/12/2020 03/12/2020 27 57 15-30 26/11/2020 27/11/2020 28 59 13-31 17/11/2020 18/11/2020 28 60 12-32 11/11/2020 12/11/2020 28 59 12-31 4/11/2020 05/11/2020 30 56 13-26 28/10/2020 29/10/2020 29 60 11-31
Data Center Trends And Design. Data Center Trends & Design Agenda IT Trends Cooling Design Trends Power Design Trends. IT Trends Virtualization . increasing overall electrical efficiency by 2%. Reduces HVAC requirements by 6 tons/MW. Reduces the amount of equipment needed to support the load,
FinTech waves – Italian FinTech Ecosystem 2020 2 Research goals and methods 3 Executive summary 5 Update post COVID-19 8 1 Financial services trend 10 Global trends 11 Europe trends 13 Italian trends 16 2 The FinTech market 26 FinTech environment 27 Global trends 29 Europe trends 39 Italian trends 45 3 Italian FinTech ecosystem 53 4 The investor
Cadillac Escalade, Escalade ESV 2020 2020 Cadillac XT4 2020 2020 Cadillac XT5 2020 2020 Chevrolet Blazer 2019 2020 Chevrolet Express 2018 2021 Chevrolet Silverado 1500 2018 2020 Chevrolet Suburban 2020 2020 Chevrolet Tahoe 2020 2020 Chevrolet Traverse 2020 2020 GMC Acadia 2019 2020 GMC Savana 2018 2021
Running training plan: Marathon beginner Introduction This training plan, put together by our coaching partners Running With Us, is designed to get you to the start line of the marathon feeling prepared and confident that you can achieve your goal. This 16 week beginners runner’s plan is designed for those who are either new to regular running or those stepping up to longer distances for the .
