David Goldstein - Phishing Reaches All - Time High in 2016


    The number of phishing attacks, and the number of domain names used for phishing, reached an all-time high, according to the latest Global Phishing Survey from the Anti-Phishing Work Group. Further, malicious domain name registrations are now at an all-time high.

    Phishing is also increasing in the new generic top level domains (new gTLDs), but is not yet as pervasive as it is in the domain space as a whole. By the end of 2016, almost half of the new gTLDs that were available for open registration, had phishing in them. Phishing occurred in 454 TLDs with 228 of these new gTLDs.

    So what is phishing? “Phishing is an attack that relies primarily on fooling people, rather than highly sophisticated technical implementations,” said APWG Senior Research Fellow and iThreat VP Greg Aaron.”

    The phish can be an attempt to obtain personal and financial information, such as credit card details, often through an email that is made to look as though it is a legitimate brand. The email will include a link to a malicious website using a domain name that may, or may not, resemble that of a popular brand.

    There were at least 255,065 unique phishing attacks worldwide, according to the report, an increase of over 10% from the 230,280 attacks identified in 2015. An attack is defined as a phishing site that targets a specific brand or entity. A single domain name can host several discrete phishing attacks against different banks, for example.

    The attacks occurred on 195,475 unique domain names. This is the most APWG have recorded in any year since they began these reports in 2007. The number of domain names in the world grew from 287.3 million in December 2014 to 329.3 million in December 2016.

    Of the 195,475 domains used for phishing, 95,424 domain names were identified that are believed to have been registered maliciously by phishers. This is an all-time high, and almost three times as many as the number found in 2015. A little over half of these registrations were made by Chinese phishers. The other 100,051 domains were almost all hacked or compromised on vulnerable web hosting. This means that nearly half of all domains that hosted phishing sites were maliciously registered.

    Seventy-five percent of the malicious domain registrations were in just four TLDs: .com, .cc, .pw, and .tk. More than 90% of malicious domains were found in just 14 TLDs.

    Phishers continue to target some of the biggest brands online with new companies constantly being targeted by phishers, while a few brands face an onslaught of thousands of attacks per year. The brunt of phishing is borne by the top 10 targets, which suffered over three-quarters of all the phishing attacks mounted in 2016. Phishers continued to attack popular targets such as PayPal, Yahoo!, Apple and heavily. These 4 e-commerce giants suffered more than 30,000 phishing attacks against their respective services and brands in 2016. Together, they were the targets of over 57% of the world’s phishing attacks. The next six brands were targeted for a combined 21% of all phishing attacks -- meaning the top 10 targets accounted for 78% of all phishing attacks observed worldwide.

    Chinese brands were also heavily targeted with 64,688 phishing sites targeting 79 different Chinese brands, representing 25% of all phishing attacks observed in 2016.