According to the APWG’s Q4 2018 Phishing Activity Trends Report, the number of confirmed phishing sites declined as 2018 proceeded. The total number of phishing sites detected by APWG in 4Q was 138,328 – down from 151,014 in Q3, 233,040 in Q2, and 263,538 in Q1. This general decline in the number of phishing campaigns as the year went on may have been a consequence of anti-phishing efforts – and/or the result of criminals shifting to more specialized and lucrative forms of e-crime than mass-market phishing.
On the other hand, phishing that targeted SaaS and Webmail services jumped from 20.1 percent of all attacks in Q3 to almost 30 percent in Q4. Attacks against cloud storage and file hosting sites continued to drop, decreasing from 11.3 percent of all attacks in Q1 2018 to 4 percent in Q4 2018.
Corin Imai, Senior Security Advisor at DomainTools:
“While the reduction of traditional phishing attempts is reassuring, phishing is a wholly adaptable form of cybercrime: it evolves its techniques to bypass users’ attentiveness and it increases in complexity as its tricks are uncovered.
The shift in preferred targets indicates that perhaps the more common, indiscriminate attacks that relied on casting a wide net of victims were no longer effective. This, in turn, means that the cybersecurity industry succeeded in creating efficient tools to detect fraudulent emails and – with the help of the media – in informing private individuals of the best security practices.
While research teams reinforce detection tools and security software to face the new challenges that more targeted attacks have brought, the same focus on raising awareness should be kept up: humans remain the first and last line of cyberdefence, and education should be at the forefront of any anti-phishing effort.”