
Analysis of the latest APWG report on phishing activity trends: Key findings and takeaways

There were 877,536 phishing attacks reported in the second quarter of 2024, a significant decrease from the 963,994 attacks reported in the first quarter of the same year. However, this may not be cause for celebration just yet, as this decline may be due to email providers making it increasingly difficult for users to report phishing attempts.

Complaints and testing show that certain well-known email providers block attempts by users to forward emails that they suspect are phishing attempts. This could skew results as actual phishing activity could be higher than the numbers show, highlighting the need for better and more accessible reporting mechanisms.

This is according to the Phishing Activity Trends Report Q2 2024 published by the Anti-Phishing Working Group (APWG). The report offers a comprehensive analysis of phishing attacks and identity theft methods, with insights into the evolving tactics used by bad actors, including phishing attacks, business email compromises (BEC), and other forms of online fraud.

The report is based on data collected from APWG's member companies, global research partners, and direct reports submitted through its website and by email. This data collection provides a detailed overview of the current phishing landscape and captures both social engineering and technical deception tactics used by cybercriminals. The data is processed through the APWG eCrime eXchange (eCX) to track unique phishing sites, email subjects, and targeted brands.

Vishing and Smishing Rise

The report also highlighted a shift towards telephone phishing methods, including voice phishing (vishing) and SMS phishing (smishing). These scams are targeting more and more customers of banks and online payment services. In contrast to traditional email phishing, which relies on fraudulent messages to lure victims, vishing and smishing involve direct communication with potential victims.

Vishing typically involves phone calls in which malicious actors impersonate people from trusted organizations in order to obtain sensitive information. Smishing is the act of sending fake SMS messages that contain malicious links or ask for personal information. This direct approach allows attackers to engage with victims in real time, which lets these methods bypass traditional email security filters more effectively and capture sensitive information. As these tactics become more common, organizations and individuals must remain vigilant and take comprehensive security measures to protect themselves from these increasingly sophisticated threats.

Sector-specific attacks

Another worrying trend was seen in the targeting of social media platforms. These platforms remain the most frequently targeted sector, accounting for 32.9% of all phishing attacks. This high number highlights how social media sites continue to be vulnerable to phishing that exploits their wide reach and personal nature. Social media accounts are also attractive targets for phishers due to their widespread use and the wealth of personal information they contain.

In contrast, phishing attacks against financial services companies fell to 10% of total attacks in the second quarter of 2024, compared to 24.9% in the third quarter of 2023 and 14% in the fourth quarter of 2023. Attacks against online payment services (think PayPal, Venmo, Stripe, and similar companies) remained constant at 7.5% of all attacks.

This decline is partly due to financial companies implementing advanced security measures such as two-factor authentication (2FA), which dramatically reduce the success of traditional phishing attempts. As banks and payment services strengthen their defenses, criminals are shifting their focus to sectors with less stringent security measures. This shows that constant vigilance and robust security practices are critical across all sectors.

More expensive, but fewer attacks

Fortra, a major player in tracking BEC attacks, reports that the average amount demanded in BEC attacks via wire transfer increased to $89,520 in the second quarter of 2024, up from $84,059 in the first quarter of 2024.

Despite this increase in the average amount requested, the volume of BEC attacks decreased by 8.4% compared to the previous quarter. This suggests that while individual attacks are targeting higher amounts, the overall frequency of these attacks has decreased.

Popular Scams

The company’s analysis also found that gift card fraud is the most popular type of fraud, accounting for 38.1% of all attacks. Additionally, advance fee scams accounted for 26.1% of incidents, and payroll diversion also remained popular, accounting for 7.6% of Fortra’s follow-ups. Hybrid vishing, which wasn’t even on the radar before 2023, accounted for 4.9% of cases recorded. These hybrid scams often involve email messages asking recipients to call a phone number to resolve problems or request refunds.

Interestingly, 35% of payroll redirection attempts involved redirecting salaries to Green Dot accounts, with GoBank also a popular choice. This suggests a gap in the verification processes of these financial institutions that could potentially impact their compliance with Know Your Customer (KYC) regulations.

Free webmail providers

Fortra also found that 72% of BEC attacks used free webmail domains, with Google Gmail being the most popular at 72.4% of these attacks. This high usage of free webmail services highlights a vulnerability of these platforms that is often exploited by fraudsters.

Microsoft’s webmail services were responsible for 16.3% of BEC attacks, a significant but smaller share compared to Gmail.

Take proactive steps

As phishing techniques continue to evolve and become more sophisticated, it is critical for businesses and individuals to remain vigilant. This means staying abreast of cybercriminals’ latest tactics and continually updating and strengthening security measures to effectively combat this scourge.

Proactive measures such as regular employee training, implementing multi-factor authentication, and using advanced cybersecurity tools can help ensure that defenses are robust enough to keep up with the dynamics of phishing attacks.

For more information and to read the full report, click here.


Editor’s note: The opinions expressed in this and other articles by guest authors are solely those of the contributor and do not necessarily reflect those of Tripwire.
