Press release

Phishing of SaaS and Webmail Brands Surpasses Phishing Attacks on Payment Brands for the First Time

Sponsored by Businesswire

According to the APWG’s new Q1 2019 Phishing Activity Trends Report,
users of Software-as-a-Service (SaaS) and webmail services are being
targeted with increasing frequency. The category became the biggest
target in Q1, accounting for 36 percent of all phishing attacks, for the
first time eclipsing the payment-services category which suffered 27
percent of attacks recorded in the quarter.

Online SaaS applications have become fundamental business tools, since
they are convenient to use and cost-effective. SaaS services include
sales management, customer relationship management (CRM), human
resource, billing and other office applications and collaboration tools.
“Phishers are interested in stealing logins to SaaS sites because they
yield financial data and also personnel data, which can be leveraged for
spear-phishing,” said Greg Aaron, APWG Senior Research Fellow.

Stefanie Ellis, AntiFraud Product & Marketing Manager at MarkMonitor
said, “The total number of confirmed phishing sites increased in early
2019, with the biggest jump in March.”

The total number of phishing sites detected in 1Q of 2019 was 180,768.
That was up notably from the 138,328 seen in the fourth quarter of 2018,
and from the 151,014 seen in the third quarter of 2018.

Payment Services and Financial Institution phishing continued to suffer
a high number of phishing attacks. But attacks against cloud storage and
file hosting sites continued to drop, decreasing from 11.3 percent of
all attacks in the first quarter of 2018 to just 2 percent in the first
quarter of 2019.

Meanwhile, cybercriminals deployed HTTPS-protected phishing websites in
record numbers, according to PhishLabs, posting a record high of nearly
60 percent of detected phishing websites in 1Q 2019 employing this data
encryption protocol. Phishers turn this security utility against users,
leveraging the HTTPS protocol’s padlock icon that appears in the browser
address bar to assure users that the website itself is trustworthy.

“In Q1 2019, 58 percent of phishing sites were using SSL certificates, a
significant increase from the prior quarter where 46 percent were using
certificates,” said John LaCour, CTO of PhishLabs. “There are two
reasons we see more. Attackers can easily create free DV (Domain
Validated) certificates, and more web sites are using SSL in general.
More web sites are using SSL because browser warning users when SSL is
not used. And most phishing is hosted on hacked, legitimate sites.”

Also in this quarter’s Trends report: APWG contributor Axur
documents phishing trends in Brazil, and researchers at APWG member
PhishLabs document a significant increase in the use of SSL certificates
on phishing web sites.

The full text of the report is available here:

About the APWG
Founded in 2003, the Anti-Phishing Working Group, (APWG)
is the global industry, law enforcement, and government coalition
focused on unifying the global response to electronic crime. Membership
is open to qualified financial institutions, online retailers, ISPs and
Telcos, the law enforcement community, solutions providers, multilateral
treaty organizations, research centers, trade associations and
government agencies. There are more than 1,800 companies, government
agencies and NGOs participating in the APWG worldwide. The APWG’s <>
and <>
websites offer the public, industry and government agencies practical
information about phishing and electronically mediated fraud as well as
pointers to pragmatic technical solutions that provide immediate
protection. The APWG is co-founder and co-manager of the STOP. THINK.
CONNECT. Messaging Convention, the global online safety public awareness
collaborative <>
and founder/curator of the eCrime Researchers Summit, the world’s only
peer-reviewed conference dedicated specifically to electronic crime
studies <>
with proceedings published by the IEEE. APWG advises hemispheric and
global trade groups and multilateral treaty organizations such as the
European Commission, the G8 High Technology Crime Subgroup, Council of
Europe’s Convention on Cybercrime, United Nations Office of Drugs and
Crime, Organization for Security and Cooperation in Europe, Europol EC3
and the Organization of American States. APWG is a member of the
steering group of the Commonwealth Cybercrime Initiative at the
Commonwealth of Nations. Among APWG’s corporate sponsors are: AhnLab,
Area 1, AT&T (T), Afilias Ltd., AnchorFree, Avast!, AVG Technologies,
Axur, Baidu Antivirus, BANDURA Systems, Bangkok Bank, BBN Technologies,
Barracuda Networks, BillMeLater, Bkav, Blue Coat, BrandMail,
BrandProtect, Bsecure Technologies, CSC Digital Brand Services, Check
Point Software Technologies, Claro, Cloudmark, Cofense, Comcast,
CrowdStrike, CSIRTBANELCO, Cyxtera, Cyber Defender, CYREN, Cyveillance,
DNS Belgium, DigiCert, Domain Tools, Donuts, Duo Security, Easy
Solutions, PayPal, eCert, EC Cert, ESET, EST Soft, Facebook, FeelSafe
Digital, FEBRABAN, Fortinet, FraudWatch International, F-Secure,
GetResponse, GlobalSign, GoDaddy, Google, Hauri, Hitachi Systems, Ltd.,
Huawei, Hyas, ICANN, Identity Guard, Infoblox, IronPort (Cisco),
Infoblox, Ingressum, Intel (INTC), Interac, IT Matrix, iThreat Cyber
Group, iZOOlogic, Kaspersky Lab, KnowBe4, LaCaixa, Lenos Software, LINE,
LookingGlass, MX Tools, MailChannels, MailJet, MailChimp, MailShell,
MailUp, MarkMonitor (TRI), Microsoft (MSFT), MicroWorld, Mimecast,
Mirapoint, NHN, NZRS, MyPW, nProtect Online Security, Netcraft, Network
Solutions, NeuStar, Nominet, Nominum, NZRS Limited, PARENTHETIC, Public
Interest Registry, Phishlabs, PhishMe,, Prevalent, Prevx,
Proofpoint, PSafe, RSA Security (EMC), Rakuten, RedMarlin, Return Path,
RiskIQ, RuleSpace, SalesForce, SecureBrain, SegaSec, SendGrid, S21sec,
SIDN, SilverPop, SiteLock, SnoopWall, SoftForum, SoftLayer,
SoftSecurity, SOPHOS, SunTrust, SurfControl, Symantec (SYMC), TDS
Telecom, Telefonica (TEF), ThreatSTOP, TransCreditBank, Trend Micro
(TMIC), Trustwave, UITSEC, Vasco (VDSI), VADE-RETRO, VeriSign (VRSN),
VILSOL, Webroot, ßZIX, and zvelo.