Press release

APWG Q2 2019 Report: Phishing Attacks Maintaining Focus on Hosted Email and SaaS Providers

Sponsored by Businesswire

According to the APWG’s new Phishing Activity Trends Report, phishing attacks continued to rise into the summer of 2019 with cybercrime gangs’ focus on branded webmail and SaaS providers remaining very keen. The report also documents how criminals are increasingly perpetrating business email compromise (BEC) attacks by using gift card cash-out schemes.

The number of phishing attacks observed in the second quarter of 2019 eclipsed the number seen in the three quarters before. The total number of phishing sites detected by APWG in April through June 2019 was 182,465. This topped the 180,768 seen in 1Q2019, and was up notably from the 138,328 seen in the fourth quarter of 2018. SaaS and branded Webmail providers were counted as the most targeted sector with 36 percent of all phishing attacks recorded targeting its constituents’ brands, according to APWG member MarkMonitor.

The report also demonstrates why employees should beware of requests for gift cards and payroll account change requests at the workplace. APWG member Agari tracked “business email compromise” (BEC) attacks across the quarter, watching gangs use targeted spear phishing to trick victims into sending funds or sensitive information to the criminal, often impersonating a trusted colleague or supervisor directing the employee to send out a gift card for a favored customer or an employee. Agari documented that gift cards were requested in 65 percent of BEC attacks during the second quarter of 2019. About 20 percent of attacks requested payroll diversions, and 15 percent requested direct bank transfers.

“Nearly two-thirds of all BEC attacks observed by the Agari Cyber Intelligence Division requested that the target purchase gift cards and send them to the attacker,” said Crane Hassold, Agari’s Senior Director of Threat Research. “Because they are more anonymous, less reversible, and do not require the use of a mule intermediary, gift cards have quickly emerged as the most popular cash out option for scammers over the past year.” Hassold also noted that the bogus bank transfer requests represented a large threat – the average request was for a whopping $64,717. One attempt that Agari documented was a request for $950,000.

BEC attacks may be driving other kinds of phishing attacks. APWG member MarkMonitor noted that SaaS and webmail sites remained the biggest targets of phishing. Phishers harvest credentials to those kinds of sites to then perpetrate effective BEC attacks and to penetrate corporate accounts.

Also in this quarter’s Trends report: researchers at APWG member PhishLabs documents the use of SSL certificates on phishing web sites; APWG member RiskIQ analyses were phishers register domain names; APWG contributor Axur documents phishing trends in Brazil.

The full text of the report is available here:

About the APWG

Founded in 2003, the Anti-Phishing Working Group, (APWG) is the global industry, law enforcement, and government coalition focused on unifying the global response to electronic crime. Membership is open to qualified financial institutions, online retailers, ISPs and Telcos, the law enforcement community, solutions providers, multilateral treaty organizations, research centers, trade associations and government agencies. There are more than 1,800 companies, government agencies and NGOs participating in the APWG worldwide. The APWG’s <> and <> websites offer the public, industry and government agencies practical information about phishing and electronically mediated fraud as well as pointers to pragmatic technical solutions that provide immediate protection. The APWG is co-founder and co-manager of the STOP. THINK. CONNECT. Messaging Convention, the global online safety public awareness collaborative <> and founder/curator of the eCrime Researchers Summit, the world’s only peer-reviewed conference dedicated specifically to electronic crime studies <> with proceedings published by the IEEE. APWG advises hemispheric and global trade groups and multilateral treaty organizations such as the European Commission, the G8 High Technology Crime Subgroup, Council of Europe’s Convention on Cybercrime, United Nations Office of Drugs and Crime, Organization for Security and Cooperation in Europe, Europol EC3 and the Organization of American States. APWG is a member of the steering group of the Commonwealth Cybercrime Initiative at the Commonwealth of Nations. Among APWG’s corporate sponsors are: AhnLab, Area 1, AT&T (T), Afilias Ltd., AnchorFree, Avast!, AVG Technologies, Axur, Baidu Antivirus, BANDURA Systems, Bangkok Bank, BBN Technologies, Barracuda Networks, BillMeLater, Bkav, Blue Coat, BrandMail, BrandProtect, Bsecure Technologies, CSC Digital Brand Services, Check Point Software Technologies, Claro, Cloudmark, Cofense, COINBASE, Comcast, CrowdStrike, CSIRTBANELCO, Cyxtera, Cyber Defender, CYREN, Cyveillance, DNS Belgium, DigiCert, Domain Tools, Donuts, Duo Security, Easy Solutions, PayPal, eCert, EC Cert, ESET, EST Soft, Facebook, FeelSafe Digital, FEBRABAN, Fortinet, FraudWatch International, F-Secure, GetResponse, GlobalSign, GoDaddy, Google, Hauri, Hitachi Systems, Ltd., Huawei, Hyas, ICANN, Identity Guard, Infoblox, IronPort (Cisco), Infoblox, Ingressum, Intel (INTC), Interac, IT Matrix, iThreat Cyber Group, iZOOlogic, Kaspersky Lab, KnowBe4, LaCaixa, Lenos Software, LINE, LookingGlass, MX Tools, MailChannels, MailJet, MailChimp, MailShell, MailUp, MarkMonitor (TRI), Microsoft (MSFT), MicroWorld, Mimecast, Mirapoint, NHN, NZRS, MyPW, nProtect Online Security, Netcraft, Network Solutions, NeuStar, Nominet, Nominum, NZRS Limited, PARENTHETIC, Public Interest Registry, Phishlabs, PhishMe,, Prevalent, Prevx, Proofpoint, PSafe, RSA Security (EMC), Rakuten, RedMarlin, Return Path, RiskIQ, RuleSpace, SalesForce, SecureBrain, SegaSec, SendGrid, S21sec, SIDN, SilverPop, SiteLock, SnoopWall, SoftForum, SoftLayer, SoftSecurity, SOPHOS, SunTrust, SurfControl, Symantec (SYMC), TDS Telecom, Telefonica (TEF), ThreatSTOP, TransCreditBank, Trend Micro (TMIC), Trustwave, UITSEC, Vasco (VDSI), VADE-RETRO, VeriSign (VRSN), VILSOL, Webroot, ßZIX, and zvelo.