The Anti-Phishing Working Group (APWG) released their quarterly Phishing Attack Trends Report for the first quarter of 2013. Payment Services were reported as the most phished industry sector, followed by Financial Services. When considering the goal of cyber-criminals behind such scams – typically usernames, passwords and credit card information for monetary gains – these industries certainly make sense. While the total number of reported phishing website detections is seemingly on the decline, as illustrated in the trend line below, actual attacks may tell a different story.
I received an email seemingly from PayPal informing me that access to my account has been limited. It threw me off because I received this at my work email, which is not registered with PayPal. I immediately wondered if my account got hacked. Here is a screenshot of the email:
With the increasing complexity of threats appearing on the Internet, coupled with the rapid development of security products designed to mitigate them, the number of phishing-based attacks have grown. In the first half of 2011 and compared to the second half of 2010, the Anti-Phishing Working Group (APWG) reported a 62% increase in unique phishing attacks worldwide in 200 top-level domains (TLDs).1 This trend warrants swift action to address the growing threat.