APWG News

  • June 26, 2017: APWG Releasese Global Phishing Survey for 2016
    Global Phishing Survey: Domain Name Use and Trends in 2016
    APWG released its latest Domain Name Use and Trends report on June 26, 2015.  Some Key Findings in this report:
    • There were at least 255,065 unique phishing attacks worldwide. This represents an increase of over 10% from the 230,280 attacks we identified in 2015. An attack is defined as a phishing site that targets a specific brand or entity. A single domain name can host several discrete phishing attacks against different banks, for example.
    • The attacks occurred on 195,475 unique domain names.2 This is the most we have recorded in any year since we began these reports in 2007. The number of domain names in the world grew from 287.3 million in December 2014 to 329.3 million in December 2016.
    • Of the 195,475 domains used for phishing, we identified 95,424 domain names that we believe were registered maliciously by phishers. This is an all-time high, and almost three times as many as the number we found in 2015. A little over half of these registrations were made by Chinese phishers. The other 100,051 domains were almost all hacked or compromised on vulnerable Web hosting. This means that nearly half of all domains that hosted phishing sites were maliciously registered.
    • Seventy-five percent of the malicious domain registrations were in just four TLDs: .COM, .CC, .PW, and .TK. More than 90% of malicious domains were found in just 14 TLDs. Please see pages 16-17 for more detail.
    • We counted 679 targeted brands. This dropped from 783 in 2015. Phishers are still creating kits dedicated to attacking both popular targets and new targets.
    • Phishing occurred in 454 top-level domains (TLDs). Two-hundred twenty-nine (228) were new top-level domains launched since 2013.
  • Feb 23 2017: APWG releases its Phishing Trends Report for Q4 2016:
    Some Key Findings in this report:
    • The total number of phishing attacks in 2016 was 1,220,523, a 65% increase over 2015.
    • n the fourth quarter of 2004, the APWG saw 1,609 phishing attacks per month. In the fourth quarter of 2016, APWG saw an average of 92,564 phishing attacks per month, an increase of 5,753% over 12 years.
    • Fraudsters in Brazil are using both traditional phishing and social media to defraud Internet users. They are also using technical tricks to make it harder for responders to stop theses scams.
    • Phishers concentrated on fewer targets during the holiday season, and hit fewer lower- yielding or experimental targets.
    • Phishers didn’t need to choose domain names that help fool victims.
    • The country that is most plagued by malware is China, where 47.09% of machines are infected, followed by Turkey (42.88%) and Taiwan (38.98%).
    Download full report here
  • Feb 13-15 2017: APWG at the United Nations Office of Drugs and Crime in Vienna
    • APWG is partiipating in the Expert Group Meeting of the Education for Justice initiative, launched last year as a component of the Doha Declaration.
  • Jan 23 2017: APWG Expands Board of Directors to Five Seats, Appointing Global Thought Leaders for the Task of Establshing Universalized Response Conventions to Cybercrime
    • Brad Wardman, PhD. of PayPal, Dave Piscitello of ICANN, and Pat Cain of The Cooper Cain Group have joined the APWG Board of Directors. News link here.
  • Dec 21 2016: APWG releases its Phishing Trends Report for Q3 2016:
    Some Key Findings in this report:
    • The Retail/Service sector continued to be the most- attacked category of victim, suffering 43% of phishing attacks in Q3
    • The number of brands targeted by phishers also fell, and was down 17% from Q2 to Q3
    • An average of 200,000 new malware samples were discovered per day in Q3
    • The country with the worst malware infection rate was China, where 47.23% of machines were infected, followed by Taiwan (43.38%) and Turkey (39.01%). Scandinavian countries had the lowest infection rates
    • The number of URLs per brand dipped 25% from Q2 to Q3, indicating that phishers were, on average and overall, creating fewer phishing URLs
    Download full report here
  • Oct 03 2016: APWG releases its Phishing Trends Report for Q2 2016:
    Some Key Findings in this report:
    • The Retail/Service sector remained the most- targeted industry sector during the second quarter of 2016, suffering 43% of attacks
    • The number of brands targeted by phishers in the second quarter remained consistent – ranging from 411 to 425 different brands each month
    • Ransomware continued to be a pervasive threat. 18 million new malware samples were found in Q2, an average of +200,000 a day
    • The country most infected with malware was China, where 49.02 percent of computers encountered infections, followed by Taiwan (47.34%) and Turkey with 40.99%)
    • The countries with the lowest infection rates were generally European, with the Scandinavian countries having the lowest percentages of infections
    Download full report here
  • Sept 01-02 2016: APWG.EU host The Bern Symposium on Global Cybersecurity Awareness Messaging:
    The Bern Symposium on Global Cybersecurity Awareness Messaging will address the development of cybersecurity awareness programs at the national and transnational levels. The two-day workshop will discuss the assets and relationships that are leveraged to organize and deploy a maximally effective national cybersecurity awareness campaign.
    View event details here
  • May 23 2016: APWG releases its Phishing Trends Report for Q1 2016:
    Some Key Findings in this report:
    • The Retail/Service sector remained the most- targeted industry sector during the first quarter of 2016, with 42.71% of attacks.
    • The number of brands targeted by phishers in the first quarter remained constant – ranging from 406 to 431 brands each month.
    • The United States continued its position at top on the list of nations hosting phishing websites.
    • In Q1 2016, 20 million new malware samples were captured.
    • The world's most-infected countries are led by China, where 57.24% of computers are infected, followed by Taiwan (49.15%) and Turkey at 42.52%.
    Download full report here
  • March 22 2016: APWG releases its Phishing Trends Report for Q4 2015:
    Some Key Findings in this report:
    • Another holiday phenomenon was that the Retail/Service sector became the most-targeted industry sector in the fourth quarter of 2015, with 24.03% of all phishing attacks.
    • There has been a notable increase in software bundlers, which install unwanted programs without the user’s consent.
    • Belize and the United States topped the list of countries that hosted phishing sites.
    • The USA remained the top country hosting phishing-based Trojans and downloaders during the three-month period.
    • The number of brands targeted by phishing remained constant throughout 2015, although new companies and institutions were always being targeted.
    • In Q4 2015, 14 million new malware samples were captured.
    Download full report here
  • December 23 2015: APWG releases its Phishing Trends Report for Q1-Q3 2015:
    Some Key Findings in this report:
    • ”Business email compromise” (or BEC) scams became a major problem in 2015. These attacks often use spear-phishing techniques, and fool companies into transferring large amounts of money to criminals.
    • The total number of unique phishing sites detected from Q1 through Q3 was 630,494.
    • ISPs were the most-targeted industry sector during the first three quarters of 2015, surpassing the banking and financial services sectors.
    • In September, Belize became the top country hosting phishing sites, briefly surpassing the United States.
    • Computers around the world continue to be infected with malware at a high rate. The global infection rate was 36.51% in Q1, 32.21% in Q2, and 32.12% in Q3 of 2015
    Download full report here
  • Sept 28 / Oct 01 2015: APWG at Europol - INTERPOL events in The Hague:
    APWG Secretary General Peter Cassidy, APWG Senior Research Fellow Aimee Larsen Kirkpatrick and APWG.EU Research Director Dr. Manel Medina speak on the STOP. THINK. CONNECT. cybersecurity awareness campaign in EU as a counter-cybercrime strategy at the Second Cybercrime Prevention and Awareness Forum on the 28th and the Europol - INTERPOL Cybercrime Conference on Oct 1.
  • May 27, 2015: APWG Releasese Global Phishing Survey for Second Half of 2014
    Global Phishing Survey: Domain Name Use and Trends in 2H2014
    APWG released its latest Domain Name Use and Trends report on May 27, 2014.  Some Key Findings in this report:
    • New companies are constantly being targeted by phishers. Some phishers are attacking targets where consumers may least expect it.
    • The ten companies that are targeted most often by phishers are attacked constantly, sometimes more than 1,000 times per month.
    • The number of domain names used for phishing reached an all-time high.
    • Phishing in the new top-level domains started slowly, and we expect to see phishing levels in them rise as time goes on.
    • Phishing attacks were not mitigated as quickly as in the past. The median uptime of phishing attacks increased.
  • March 30 2014: APWG releases its Phishing Trends Report for Q3 2014:
    Some Key Findings in this report:
    • A total of 549 brands were targeted by phishers in Q4, up from the 531 targeted in the second quarter of 2014
    • The total number of phish observed in Q3 was 92,473, a 28 percent decrease from Q2 2014, although this may be a statistical anomaly
    • n July, phishers broke into Polish servers, with the result that Poland jumped to #2 in the global ranking of countries that hosted phishing content. The United States continued to be ranked number one
    • Over 20 million new malware samples were discovered during Q3, an average of 227,747 new malicious files every day
    • The United States remained the top country for hosting phishing-based Trojans and downloaders during the three month period
    Download full report here
  • Oct 15 2014: APWG to provide udpates on the STOP. THINK. CONNECT. messaging program at the ICANN 51 meeting
    • (APWG) Hemispheric Unification of Cyber Security Awareness Messaging
    • The STOP. THINK. CONNECT. Messaging Convention has embarked upon a campaign to establish the STOP. THINK. CONNECT. cybersecurity awareness messaging suite as a hemisphere-wide campaign, leveraging initial adoption by nation-states in North America, Central America and South America.
  • Sep 24 2014: APWG Releasese Global Phishing Survey for First Half of 2014
    Global Phishing Survey: Domain Name Use and Trends in 1H2014
    APWG released its latest Domain Name Use and Trends report on April 10, 2013.  Some Key Findings in this report:
    • Apple became the world’s most-phished brand.
    • The introduction of new top-level domains did not have an immediate major impact on phishing.
    • Chinese phishers were responsible for 85% of the domain names that were registered for phishing.
    • Malicious domain and subdomain registrations continue at historically high levels, largely driven by Chinese phishers.
    • The average uptimes of phishing attacks remain near historic lows, pointing to some success by anti-phishing responders.
    • The companies (brands) targeted by phishing targets were diverse, with many new targets, indicating that e-criminals are looking for new opportunities in new places.
    • Mass hackings of vulnerable shared hosting providers led to 20% of all phishing attacks.
  • Aug 29 2014: APWG releases its Phishing Trends Report for Q2 2014:
    Some Key Findings in this report:
    • The 128,378 phishing sites were observed in Q2. This is the second highest number of phishing sites detected in a quarter, eclipsed only by the 164,032 seen in the first quarter of 2012.
    • New online payment services and crypto-currency sites are being targeted more frequently.
    • There has been a recent increase in PUPs (Potentially Unwanted Programs) such as spyware and adware. This contributed to higher global infection rates.
    • The total number of brands targeted dropped to 531 brands, down from the 557 targeted in the first quarter of 2014.
    • The United States continued to be the top country hosting phishing sites.
    Download full report here
  • Jun 23 2014: APWG releases its Phishing Trends Report for Q1 2014:
    Some Key Findings in this report:
    • The number of phishing sites leaped by 10.7 percent over the fourth quarter of 2013.
    • The number of brands targeted by phishers was up, from 525 targeted in the fourth quarter of 2013 to 557 in the first quarter of 2014.
    • The number of phishing attacks observed in Q1 was 125,215. That is the second-highest number of sites detected in a first quarter, eclipsed only by the 164,032 seen in the first quarter of 2012.
    • Payment Services continued to be the most- targeted industry sector.
    • 32.7 percent of personal computers around the world were infected with malware, aware, or spyware.
    Download full report here
  • Apr 27 2014: APWG releases its Phishing Trends Report for Q4 2013:
    Some Key Findings in this report:
    • The number of phishing sites detected rose through the fourth quarter. Overall, there were 22 percent fewer phishing sites in the fourth quarter than there were in the third quarter. Even then, 2013 was one of the most active years on record for phishing.
    • During the second half of 2013, 840 unique target institutions were attacked, up significantly from the 720 found in the second half of 2013.
    • A number of malware families morphed constantly in efforts to avoid detection by antivirus products. Fully 37 percent of the malware variations spawned during 2013 showed up during Q4.
    • The United States continued to be the top country hosting phishing sites during the fourth quarter of 2013.
    Download full report here
  • Apr 10 2014: APWG Releasese Global Phishing Survey for Second Half of 2013
    Global Phishing Survey: Domain Name Use and Trends in 2H2013
    APWG released its latest Domain Name Use and Trends report on April 10, 2013.  Some Key Findings in this report:
    • Phishing continues to explode in China, where Chinese phishers are victimizing the growing online population of the country. Chinese phishers were responsible for 85% of the domain names that were registered for phishing.
    • The average uptimes of phishing attacks declined, and were close to historic lows, pointing to some success by anti-phishing responders.
    • The companies (brands) targeted by phishing targets were diverse, with many new targets, indicating that e-criminals are looking for new opportunities in new places.
    • Mass hackings of vulnerable shared hosting providers led to 18% of all phishing attacks.
  • Mar 10 2014: APWG Resident Research Fellow at World Bank in Washingon, DC: Pat Cain meets with bank security experts at the World Bank to present an industrial advisory, "Phishing Past - and Future." 
  • Feb 10 2014: APWG releases its Phishing Trends Report for Q3 2013:
    Some Key Findings in this report:
    • The number of unique phishing websites detected jumped from June to July, and stayed at relatively elevated levels through the third quarter.
    • The number of hijacked brands declined slightly, as phishers stopped targeting less lucrative targets.
    • Trojans remained the most popular form of malware, and a record number of new malware strains were detected in the third quarter.
    • More than 59 percent of computers in China appeared to be infected with malware, a record high for any country.
    • Forty-two percent of domains used for phishing were .COM names, down from 44 percent in the previous quarter.
    • The United States continued to be the top country hosting phishing sites during the third quarter of 2013
    Download full report here
  • Dec 13 2013: APWG Secretary General at OECD in Paris With Expert Group on eCrime Metrics:
    APWG Secretary General is working with the Committee for Information, Computer and Communications Policy, a working group under the Organisation for Economic Co-operation and Development's Directorate for Science, Technology and Industry, on development of standardized statistical measures for reporting security incidents. 
  • Nov 06 2013: APWG releases its Phishing Trends Report for Q2 2013:
    The APWG reports in its Q2 2013 Phishing Activity Trends Report that fraudsters are seek new victims and brands in untapped markets with some 441 brands were hijacked in April, a record high that surpassed the previous monthly high of 430 in November 2012.
    Download full report here
  • September 18 2013: APWG releases its Domain Name Use and Trends 1H2013
    Some Key Findings in this report:
    • Vulnerable hosting providers are inadvertently contributing to phishing. Mass compromises led to 27 percent of all phishing attacks.
    • Phishing continues to explode in China, where the expanding middle class is using e-commerce more often.
    • The number of phishing targets (brands) is up, indicating that e-criminals are spending time looking for new opportunities.
    • Phishers continue to take advantage of inattentive or indifferent domain name registrars, registries, and subdomain resellers.
    • The average and median uptimes of phishing attacks are climbing.
  • July 30 2013: APWG releases its Phishing Trends Report for Q1 2013:
    The APWG reports in its Q1 2013 Phishing Activity Trends Report that phishing attack frequency declined 20 percent from Q4 2012 to Q1 2013, due to a precipitous drop in virtual server phishing attacks. Statistics indicate that phishing levels are returning to the levels seen prior to the record-setting highs of 2012.
    Download full report here
  • June 26 & 27 2013: OAS host Cybersecurity Forums:
    APWG staff participated in the Forum on Economic and Financial Implications of Cyber Security and the Segurinfo D.C. Forum hosted by the OAS. These meetins were organized to help foster understanding and build relationships between public and private sectors across the region.

  • May 2013: APCERT Annual Report 2012:
    In March this year, APCERT commemorated the 10th anniversary during the APCERT AGM & Conference 2013 in Brisbane and the summary of the 10 year history is mentioned in the Chair's Message. The report also introduces the latest security incident trends, projects and initiatives, as well as organizational information of each member team.
    http://www.apcert.org/documents/pdf/APCERT_Annual_Report_2012.pdf  

  • April 26 2013: APWG releases Mobile Threats and the Underground Marketplace
    Find the full report at http://apwg.org/resources/mobile/
  • April 25 2013: APWG releases its Domain Name Use and Trends 2H2012
    Some Key Findings in this report:
    • Phishers are breaking into hosting providers with unprecedented success, using these facilities to launch mass phishing attacks. The number of phishing attacks rose due to this technique, and attacks leveraging these resources represented 47% of all phishing attacks recorded worldwide in the second half of 2012.
    • The average and median uptimes of phishing attacks remained lower than the historical average.
    • Phishers registered more subdomains than regular domain names, while the number of domain names registered by phishers has dropped significantly since early 2011
  • April 24 2013: APWG releases its Phishing Trends Report for Q4 2012
    Find the full report and all previous reports here.

  • February 1 2013: APWG releases its Phishing Trends Report for Q3 2012
    This report shows the number of unique phishing sites declines for six straight months. Find the latest report and all previous reports here . . . 
  • January 16-18 2013: APWG at UNODC Core Experts Group on