APWG Q2 Cybercrime Report: Phishing Sustains Elevated 'New Normal' Attack Volume Into the Middle of 2021

9/22/2021, 2:06 PM (Source: GlobeNewswire)

CAMBRIDGE, Mass., Sept. 22, 2021 (GLOBE NEWSWIRE) -- The APWG's new Phishing Activity Trends Report reveals that phishing sustained near-record levels through the first half of 2021, after doubling over the course of 2020. APWG saw 222,127 attacks in June 2021, which was the third-worst month in APWG's reporting history.

APWG contributor OpSec Security found that the financial institution and social media sectors were the most frequently victimized by phishing in the second quarter. OpSec observed marked increases in phishing against brands of cryptocurrency companies, such as cryptocurrency exchanges and wallet providers, rocketing from 2 percent of all attacks in Q1 to 7.5 percent of all attacks in Q2.

Noted Stefanie Wood Ellis, Director, Product Management at OpSec Security: "OpSec continues to observe increases in vishing and smishing. Vishing is phishing advertised via voice messages, and smishing is phishing advertised in SMS messages. Smishing is becoming more common and is being used to attack organizations that are primarily mobile app-driven."

In related news, APWG contributing member Agari by HelpSystems found that Business E-mail Compromise (BEC) scams are becoming even more costly for victims. Agari found that in wire transfer BEC attacks in Q2, the attackers asked for an average of $106,000, up from $48,000 a year before. In May 2021, Agari also found, the percentage of payroll diversion BEC attacks surpassed wire transfer BEC attacks for the first time since September 2019.

Phishers continue to deploy encryption to fool users into thinking that phishing sites are legitimate and safe. APWG contributor PhishLabs found that in the second quarter of 2021, 82 percent of phishing sites had SSL encryption enabled. This number has decreased over two quarters, perhaps indicating that encryption has reached a maximum across the web.

Contributing member RiskIQ analyzed the use of domain names for phishing, and examined several specific phishing campaigns, while member Axur documented how phishing has declined in Brazil, illustrating how patterns of cybercrime can differ based on region and culture.

The full text of the report is available here: http://docs.apwg.org/reports/apwg_trends_report_q2_2021.pdf

About the APWG

Founded in 2003, the Anti-Phishing Working Group, (APWG) is the global industry, law enforcement, and government coalition focused on unifying the global response to electronic crime. Membership is open to qualified financial institutions, online retailers, ISPs and Telcos, the law enforcement community, solutions providers, multilateral treaty organizations, research centers, trade associations and government agencies. There are more than 1,800 companies, government agencies and NGOs participating in the APWG worldwide. The APWG's www.apwg.org and education.apwg.org websites offer the public, industry and government agencies practical information about phishing and electronically mediated fraud as well as pointers to pragmatic technical solutions that provide immediate protection. The APWG is co-founder and co-manager of the STOP. THINK. CONNECT. Messaging Convention, the global online safety public awareness collaborative https://education.apwg.org/safety-messaging-convention and founder/curator of the eCrime Researchers Summit, the world's only peer-reviewed conference dedicated specifically to electronic crime studies https://ecrimeresearch.org/ecrime-symposium. APWG advises hemispheric and global trade groups and multilateral treaty organizations such as the European Commission, the G8 High Technology Crime Subgroup, Council of Europe's Convention on Cybercrime, United Nations Office of Drugs and Crime, Organization for Security and Cooperation in Europe, Europol EC3 and the Organization of American States. APWG is a member of the steering group of the Commonwealth Cybercrime Initiative at the Commonwealth of Nations. Among APWG's corporate sponsors are: Accenture, Acronis, Afilias, AGARI, AhnLab, AT&T, Allure Security, AREA 1, AIT, Avast, Awayr AI, AXUR, Banelco CSIRT, Bolster, BrandShield, Browlser, ByteDance, Canva, CaixaBank, Check Point, Cisco, CLARO, Cloudflare, CLOUDMARK, COFENSE, Coinbase, Comcast, CSC, CSIRT BANELCO, CSIS, Cyan Digital Security, CYREN, Cyxtera, CZ.NIC, DigiCert, DNS Belgium, DomianTools, Entrust Datacard, ESET, Facebook, FirstRand, Fortinet, FraudWatch, GetResponse, GMS Securidad, GoDaddy Registry, Group-IB, Guidewire. Hitachi Systems, ICANN, Infoblox, Ingressum, IQ Global, iThreat, Kaspersky, KnowBe4, Lenos Software, LINE, Looking Glass, LSEC, Mailshell, McAfee, Microsoft, Mimecast, NAVER, Netcraft, NetSTAR, Noblis, Nominet, Opera, OpSec Security, Palo Alto Networks, PANDI, PayPal, PhishLabs, Proofpoint, Qintel, Rakuten, Recorded Future, Red Sift, REDIRIS, RiskIQ, RSA, SafeGuard Cyber, Salesforce, Secutec, SIDN, SlashNext, Sopos, SWITCH, Symantec, Thomsen Trampedach, ThreatSTOP, TNO, TrendMicro, Trustwave, Twilio, Vade, Verisign, Viettel Cyber Security, Webroot, workday, ZeroFOX, ZibaSec, ZIX, and zvelo.


For media inquiries related to the APWG, please contact APWG Secretary General Peter Cassidy (pcassidy@apwg.org, +1.617.669.1123). 

Or for company-specific content related to this release, please contact: Stefanie Wood Ellis at OpSec Security (sellis@opsecsecurityonline.com);

Angela Tuzzo of Agari by HelpSystems (atuzzo@mrb-pr.com); Eduardo Schultze of Axur (eduardo.schultze@axur.com,+55 51 3012-2987);

Stacy Shelley of PhishLabs (stacy@phishlabs.com, +1.843.329.7824);

Holly Hitchcock of RiskIQ (holly@frontlines.io).

Related Images

Image 1: Phishing Sites, Q3 2020 - Q2 2021

The number of Unique Subjects has dipped as more submitted emails have had duplicative subject lines. The number of brands attacked each month has trended upwards, with a high of 500 in May 2021

Image 2: Most-Targeted Industries, 2Q 2021

Phishing against cryptocurrency cryptocurrency exchanges and wallet providers leapt from 2 percent of all attacks in Q1, 2021 to 7.5 percent in Q2, 2021

Image 3: Domain Registrars Used by BEC Scammers, 2Q 2021

Namecheap and Public Domain Registry (PDR) continue be the primary registrars used by cybercriminals to register the domain names they use in BEC attacks. (39 percent of the total were at NameCheap, and 26 percent were at PDR.)

Image 4: Most-Targeted Industries, 2Q 2021

against cryptocurrency targets — such as cryptocurrency exchanges and wallet providers — rocketed from 2 percent of all attacks in Q1 to 7.5 percent in Q2

Image 5: APWG


This content was issued through the press release distribution service at Newswire.com.


Phishing Sites, Q3 2020 - Q2 2021

Phishing Sites, Q3 2020 - Q2 2021
Copyright GlobeNewswire, Inc. 2016. All rights reserved.
You can register yourself on the website to receive press releases directly via e-mail to your own e-mail account.