Number and diversity of phishing targets continues to increase

The number of phishing sites in the first quarter of 2014 leaped 10.7 percent over the previous quarter, the Anti-Phishing Working Group reports. 2013 was one of the heaviest years for phishing on record, and Q1 2014 perpetuated that trend posting the second-highest number of phishing attacks ever recorded in a first quarter.

The APWG detected an average of 41,738 new phishing attacks per month in the first quarter. January saw a temporary rash of phishing on virtual servers; these phishing attacks use a technique where a cybercriminal creates and hosts phishing pages on multiple unique domains all hosted on a compromised Web server.

Attacks against payment services represented 46.5 percent of attacks in Q1, followed by attacks against banks and financial institutions at 20 percent.

A total of 557 different brands or institutions were targeted by phishers in Q1. This was up from the 525 targeted in the fourth quarter of 2013, and is climbing toward the 681 unique targets that were attacked in the second half of 2013.

The United States continued to be the top country hosting phishing sites.

“The number and diversity of phishing targets continued to increase,” said Greg Aaron, APWG Senior Research Fellow and President of Illumintel Inc. “Almost any enterprise that takes in personal data via the Web is a potential target.”

Malware also continued to be a prevalent threat to Internet users. According to Luis Corrons, PandaLabs Technical Director and Trends Report contributing analyst, the percentage of infected computers around the world in Q1 has increased, reaching 32.77 percent.

The countries leading the list are China (with 52.36% of computers in the country infected), followed by Turkey (43.59%) and Peru (42.14%). Nine of the ten least-infected countries are in Europe, with the exception being Japan.

The full text of the report is available here: http://docs.apwg.org/reports/apwg_trends_report_q1_2014.pdf