Aaron Jentzen | February 07, 2019

The Latest in Phishing: First of 2019


We bring you the latest in phishing statistics and attacks from the wild.

Phishing Statistics and News 

BEC Attacks in Q4 Soar 476% Year Over Year

Just released, Proofpoint’s Quarterly Threat Report, Q4 2018 examines trends in the threat landscape throughout 2018. Of particular concern is the rapid growth of email fraud, also known as business email compromise (BEC). Key phishing statistics from Q4 include:

  • BEC attacks increased 226% over Q3 and 476% year over year.
  • Malicious accounts used for social media support fraud — in which attackers attempt to subvert conversations between consumers and a brand’s legitimate social accounts — increased by more than 500% over the course of 2018.
  • Ransomware made up only .01% of overall malicious message volume in Q4, continuing its steep decline.

Download the full report for more analysis of trends in malware, web-based attacks, and social media threats.

83% of Infosec Pros Reported Phishing in Global Survey

In January, we released our 2019 State of the Phish Report, which includes detailed phishing statistics based on multiple data sources, including nearly 15,000 responses to quarterly surveys sent to our database of infosec professionals throughout 2018. Our findings include:

  • 83% of global infosec respondents experienced phishing attacks in 2018, an increase from 76% in 2017.
  • In 2018, reports of credential compromise rose 70% over 2017, and they’ve soared 280% since 2016.

The 2019 report — our fifth annual — has been significantly expanded, offering more data and analysis than ever before. Download your copy for the full results of our global surveys (including regional data comparisons); how users across 16 industries perform on simulated phishing tests; and the ways organizations can use threat intelligence and their security awareness training data to identify and address the riskiest users and departments.

50% of Phishing Sites Now Using HTTPS

As we reported in January, the latest Phishing Activity Trends Report from the Anti-Phishing Working Group (APWG) reveals that the number of phishing attacks reported in Q3 2018 (270,557) remained steady compared to Q1 and Q2. But other insights suggest that’s no cause for celebration:

  • Nearly 50% of phishing sites are using HTTPS encryption — a 40% increase over the previous quarter alone, and a nearly 900% increase since the end of 2016.
  • Phishing sites are increasingly using web page redirects to avoid detection.
  • 286 brands were targeted in September 2018, the most seen in a month since November 2017.
  • The online payment sector was the most targeted by phishing in Q3 2018, followed by SAAS/webmail and financial institutions.color_bar.png

    For more phishing statistics, get your copy of the 2019 State of the Phish Report.

    Download the State of the Phish Report


Credential Phishing Attacks Quadrupled in Q3 2018

Proofpoint’s latest Protecting People: A Quarterly Analysis of Highly Targeted Attacks analyzes email attacks on Fortune Global 500 companies that took place from July to September 2018. This quarterly report focuses on end users’ role in the current threat landscape, detailing who is being attacked, how, and what steps organizations can take to fight back. Here are some key phishing takeaways:

  • Email-based corporate credential phishing attacks quadrupled vs. the previous quarter.
  • Web-based social engineering attacks jumped 233% vs. the previous quarter.
  • 99% of the most highly targeted email addresses in the quarter didn’t rank as such in the previous report, which suggests attackers are constantly shifting targets.

For more insights, you can view a summary infographic and download the full report.

Phishing Attacks

1 Million Emotet Phish in a Single Day

A growing number of phishing emails contain attachments or links designed to deliver a new, particularly dangerous version of the Emotet trojan. Proofpoint researchers have found that emails with Emotet have been distributed on a near-daily basis and in high volume, with as many as 1 million messages sent in a single day. The December installment of our Attack Spotlight series provides free, timely content you can immediately share with your end users to help them avoid Emotet phishing campaigns.

Cryptojacking Attacks on the Rise

Ransomware’s waning popularity may be giving way to cryptojacking (cryptocurrency mining malware), according to Get Safe Online, a UK public/private sector partnership. Cryptojacking attacks often start with a phishing email; when a person clicks a malicious link or opens an infected attachment, malware is installed which then secretly uses the compromised machine to mine cryptocurrency.

Banking Credential Phish Uses Fake Fonts to Evade Detection

A credential harvesting scheme that impersonates a major U.S. retail bank uses a seemingly unique encoding technique: a phishing template that employs a custom web font to implement a substitution cypher (among other techniques) to render well-crafted phishing pages. According to Proofpoint’s Threat Insight blog, “While the substitution cypher itself is simple, the implementation via web font files appears to be unique, giving phishing actors yet another technique to hide their tracks and defraud consumers.”

Subscribe to Our Blog

2018 State of the Phish Report  Protect your organization from phishing attacks. Download Now
2018 Beyond the Phish Report  Protect your organization from threats including and beyond phishing. Download Now