The number of phishing campaigns has been expanding steadily in recent years as cybercriminals target both private individuals and corporations with social engineering scams, according to the Anti-Phishing Working Group (APWG).
Data collected by APWG, a consortium of more than 3,200 members and over 1,700 companies that are directly affected by phishing attacks or that provide security services to counter social engineering campaigns, shows yearly increases since the consortium’s records began in 2015.
The “Phishing Activity Trends Report” gathers data from contributing members to detail how this cybercrime evolves. The primary method is to look at the number of unique phishing Web sites, which takes into consideration that a phishing site could be made public from thousands of customized URLs, which all lead to the same place.
“The total number of phishing sites detected by APWG in the third quarter of 2019 was 266,387. This was up 46 percent from the 182,465 seen in Q2, and almost double the 138,328 seen in Q4 2018,” reads the official report. According to Greg Aaron, APWG Senior Research Fellow, the third quarter in 2019 seems to be the worst period for phishing since 2016.
While phishing campaigns affect regular users, companies are exposed to the most significant dangers. APWG member MarkMonitor noticed that the number of brands attacked by phishers in Q3 2019 rose 22% from Q2, from an average of 313 brands per month to 400 brands per month.
SaaS (software as a service) remains the industry most affected by phishing, and for a clear reason. Getting credentials for this particular service allows criminals to perform BEC (business e-mail compromises) attacks, giving them access to corporate environments.
Other industries affected by the growing wave of phishing campaigns include cloud storage, file hosting, eCommerce, and financial institutions.