The APWG continues to refine its tracking and reporting methodology. It tracks and reports the number of unique phishing reports (e-mail campaigns) it receives, in addition to the number of unique phishing websites found.
 
The APWG Phishing Activity Trends Report for 4th Quarter 2016 indicates that the total number of phishing attacks in 2016 was 1,220,523, which is a 65% increase over 2015.  Phishing activity in early 2016 was the highest ever recorded by APWG since it began monitoring in 2004.  In the fourth quarter of 2004, the APWG saw 1,609 phishing attacks per month. Phishing activity in the fourth quarter of 2016 was higher than any period in 2015. In the fourth quarter of 2016, APWG saw an average of 92,564 phishing attacks per month, an increase of 5,753% over 12 years.
 
The number of unique phishing reports submitted to APWG during the fourth quarter of 2016 was 211,032.  The number of unique phishing reports submitted to APWG saw a continual rise during the three-month period, peaking at 95,555 in December 2016.  
 
Phishing reports received October through December 2016:
 
• October 51,153
• November 64,324
• December 95,555
 
The following figures combine fourth quarter 2016 statistics based on brands phished, unique domains, unique brand-domain pairs and unique URLs.  The number of brands targeted was relatively steady at just over 400 per month through the first three quarters of 2016.  But the number of brands targeted by phishers dropped notably in Q4, down to 264 unique brands during December.
 
| | October | November | December |
|---|---|---|---|
| Number of Unique Phishing Websites Detected | 89,232 | 118,928 | 69,533 |
| Unique Domains | 20,773 | 19,814 | 15,673 |
| Unique Brand-Domain Pairs | 24,397 | 23,219 | 17,494 |
| Unique Brands | 357 | 332 | 264 |
| URLs per Brand | 250 | 358 | 239 |
 
 
There were 357 hijacked brands in October and 332 in November. These were the top five most targeted industry sectors in 4th Quarter 2016, together accounting for 90.51%:
• Retail | Service 41.85%
• Financial 19.60%
• ISP 12.58%
• Payment Service 11.33%
• Multimedia 5.15%
 
Fraudsters in Brazil are using both traditional phishing and social media to defraud Internet users. They are also using technical tricks to make it harder for responders to stop these scams. In fourth quarter 2016, Axur, an APWG member in Brazil, observed more than 2,000 fraud occurrences that targeted Brazilian companies and individuals. Most of these appeared on social media, mobile apps and traditional phishing sites.

The APWG's Crimeware statistics categorize crimeware as code designed with the intent of collecting information on the end-user in order to steal the user's credentials. Unlike most generic keyloggers, phishing-based keyloggers have tracking components, which attempt to monitor specific actions and specific organizations, such as financial institutions, retailers and e-commerce merchants, in order to target specific information. The most commonly targeted information is access to financial-based websites, e-commerce sites and web-based mail sites.
 
The country that is most plagued by malware is China, where 47.09% of machines are infected, followed by Turkey (42.88%) and Taiwan (38.98%).