Global Phishing Survey

Phishers are criminal, but they do make rational decisions about how to go about their work. They’re in it for the money, and they work to make their schemes as productive as possible while evading detection. To combat phishing we need to know what the phishers are doing, and how. Where is the phishing taking place? What companies are most vulnerable? Were the slew of new top-level domains a bonanza for phishers? By analyzing the phishing the authors have some answers, and those answers may surprise you.

This report seeks to understand trends and their significance by quantifying the scope of the global phishing problem. Specifically, these reports examines all the phishing attacks detected over specific time intervals. The data was collected by the Anti-Phishing Working Group, and supplemented with data from several phishing feeds, CNNIC, and private sources. The APWG phishing repository is the Internet’s most comprehensive archive of phishing and e-mail fraud activity. The authors are grateful to CNNIC and the Anti-phishing Alliance of China (APAC) for sharing their data with us.

Summary – 2016

APWG released its latest Domain Name Use and Trends report on June 26, 2017. Some Key Findings in this report:

There were at least 255,065 unique phishing attacks worldwide. This represents an increase of over 10% from the 230,280 attacks we identified in 2015. An attack is defined as a phishing site that targets a specific brand or entity. A single domain name can host several discrete phishing attacks against different banks, for example.
The attacks occurred on 195,475 unique domain names.2 This is the most we have recorded in any year since we began these reports in 2007. The number of domain names in the world grew from 287.3 million in December 2014 to 329.3 million in December 2016.
Of the 195,475 domains used for phishing, we identified 95,424 domain names that we believe were registered maliciously by phishers. This is an all-time high, and almost three times as many as the number we found in 2015. A little over half of these registrations were made by Chinese phishers. The other 100,051 domains were almost all hacked or compromised on vulnerable Web hosting. This means that nearly half of all domains that hosted phishing sites were maliciously registered.
Seventy-five percent of the malicious domain registrations were in just four TLDs: .COM, .CC, .PW, and .TK. More than 90% of malicious domains were found in just 14 TLDs. Please see pages 16-17 for more detail.
We counted 679 targeted brands. This dropped from 783 in 2015. Phishers are still creating kits dedicated to attacking both popular targets and new targets.
Phishing occurred in 454 top-level domains (TLDs). Two-hundred twenty-nine (228) were new top-level domains launched since 2013.

DOWNLOAD FULL REPORT

Previous Reports:

Global Phishing Survey

Global Phishing Survey

Summary – 2016

NPOL RSA Conference 2020

Best Paper award announced, Symposium on Electronic Crime Research 2019

eCrimeEU 2019 – Symposium on Electronic Crime Research

EU GDPR Compliance Implementation Creates Adverse Consequences for Cyber Investigations

2018 Q3 – Phishing Activity Trends Report

2018 Q4 – Phishing Activity Trends Report

2019 Q1 – Phishing Activity Trends Report

APWG.EU Bucharest Symposium on Cybersecurity Awareness

2018 SYMPOSIUM ON POLICY IMPEDIMENTS TO CYBERCRIME DATA EXCHANGE

FloCon 2018

Annual Privacy Forum 2019

LACNIC / LACNOG

CODE BLUE 2018

SEGURINFO

eCrime 2019 – Symposium on Electronic Crime Research

WHOIS Tiered Access and Accreditation Program

ICANN’s Temporary Specification Survey

The New Face of Phishing

How the GDPR affects our data sharing efforts.

Why Do Security Groups Seem to Have Issues Complying With the new GDPR?

eCrime 2018 – Symposium on Electronic Crime Research

SPONSORING SOLUTIONS

MEMBERSHIP

MORE IN APWG