Recent Posts

Recent Blog Posts

The PhishLabs Blog

APWG Report Reveals Increased Exploitation of Free Hosting Providers

Posted by Stacy Shelley on Oct 18, '17

The Anti-Phishing Working Group (APWG) has released the Phishing Activity Trends Report for the first half of 2017. APWG  utilizes  reported phishing attacks from multiple data sources to track, analyze, and report on fraud resulting  from phishing, crimeware, and email spoofing.  The report reveals frequent targeting in Payment, Financial, and Webmail sectors, as well as a rise in phishing attacks that utilize website builders and free hosting providers. 

Crane Hassold, Manager of Threat Intelligence at PhishLabs, noted in the report that hosting providers that offer free hosting and free  website-building tools provide criminals with opportunities. “These free hosts are not only easy and cheap to use, but they also allow threat actors to create subdomains spoofing a targeted brand, resulting in a more legitimate-looking phishing site. Free hosts also afford phishers additional anonymity, because these services do not make registrant information easily available.”

Read More

Topics: Phishing, APWG

APWG: Phishing Jumps 10.7% in Q1 of 2014

Posted by Stacy Shelley on Jul 1, '14

The Anti-Phishing Working Group has published a new Phishing Activity Trends Report providing analysis of global phishing attack data collected in the first quarter of this year. The key takeaway is a 10.7 percent increase in the number of phishing sites in Q1 compared to Q4 of 2013 (the total number of phishing sites in Q1 was 125,215).

In prior years, phishing attack volumes have generally been higher later in the year. If that trend holds true in 2014, it will be a lively year for phishing. 

Read More

Topics: Phishing, APWG, Strategy

Phishers expand their target list | APWG 2H2013 Global Phishing Survey

Posted by Stacy Shelley on Apr 10, '14

As usual, there's some good data in the 2H2013 Global Phishing Survey released by the APWG today. 

Phishing attacks grew quite a bit, up 60% from the first half of 2013. Still short of the peak observed in the last half of 2012, but a significant increase nonetheless.

How else did the phishing landscape change in the last half of 2013? 

Read More

Topics: Phishing, APWG

Inside the Phishing Ecosystem: Staging Phishing Attacks

Posted by Stacy Shelley on Mar 7, '14

At its highest level, the phishing process consists of staging an attack, launching it, collecting stolen credentials, and monetizing them. Today’s phishers use a range of tools to carry out their attacks. These tools are available for free or may be purchased in underground markets. More advanced phishers may build their own tools and incorporate layers of automation that further reduce the effort and costs required from start to finish. 

Today's post focuses on staging a phishing attack. To stage a phishing attack, fraudsters need two basic things:

  • The files to make a phish site (HTML, images, style sheets, javascript, PHP programs, etc.).
  • A website where the phish site can be hosted.
Read More

Topics: Phishing, APWG, Phish Kit

Phishing attacks up 20 percent in latest APWG report

Posted by Stacy Shelley on Feb 13, '14

APWG has published the recap and analysis of phishing activity in Q3 of last year. Here are some of the highlights from the APWG Phishing Activity Trends Report for the 3rd Quarter of 2013:

  • The volume of phishing attacks rose 20 percent from Q2.
  • There were more than 143,000 unique phishing websites detected in Q3.
  • The number of brands targeted each month averaged ~390 during Q3.
Read More

Topics: Phishing, Malware, Fraud, APWG

PhishLabs presenting at the Anti-Phishing Working Group CeCOS conference

Posted by John LaCour on Apr 19, '12

John LaCour, CEO of PhishLabs, is presenting at the forthcoming APWG Counter E-Crime Operations Summit in Prague. Mr. LaCour’s presentation title “Viscious Vishing Vanquished” will discuss how vishing attacks and include real world examples of vishing scams.

Read More

Topics: APWG, Talks

   

What's this all about?

The PhishLabs Blog is where we share our insights and thoughts on cybercrime and online fraud.

Recent Posts

Upcoming Events

Calendar_Mock_

Posts by Topic

see all