Phishers Shift Efforts To Attack SaaS And Webmail Services

There was good news and bad news for the internet audience in early 2019. The good news is that the total number of conventional spam-based phishing campaigns declined at the end of 2018; the bad news is that users of Software as a Service (SaaS) systems and webmail services are increasingly targeted.

The number of phishing sites is decreasing

According to the APWG Q4 2018 Phishing Trends Report, the number of confirmed phishing sites decreased during the year 2018. The total number of phishing sites detected by the APWG in the fourth quarter was 138,328, compared to 151,014 in the third quarter, 233,040 in the second quarter and 263,538 in the first quarter.

This general drop in the number of phishing campaigns over the year may be a consequence of anti-phishing efforts, and/or the result of criminals shifting to more specialized and lucrative forms of cybercrime than mass phishing.

There is growing concern that this decline is due to under-detection. Detection and documentation of some phishing URLs has been complicated by phishers masking those URLs with techniques like spider web diversion patterns, and by the use of multiple redirects in spam-based phishing campaigns, which take users (and automated detectors) from an email lure through multiple URLs across multiple domains before dropping the potential victim onto the actual phishing site. MarkMonitor, a contributing member of the APWG, continues to monitor this trend.
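The following is an added example, not taken from the APWG report or from MarkMonitor: a sketch of how a detector can record a whole redirect chain, so that the final landing URL is attributed to the email lure rather than lost along the way. The redirect table, the .example host names, the function names and the two-host threshold are all assumptions made for illustration.

```python
from urllib.parse import urljoin, urlsplit

# Constructed redirect table standing in for live HTTP responses:
# URL -> (status code, Location header or None). Hosts are made-up
# names under the reserved .example TLD.
CONSTRUCTED_RESPONSES = {
    "http://news-lure.example/offer": (302, "http://cdn-hop.example/r?id=1"),
    "http://cdn-hop.example/r?id=1": (301, "/r2?id=1"),
    "http://cdn-hop.example/r2?id=1": (302, "https://track.example/go"),
    "https://track.example/go": (302, "https://login-portal.example/signin"),
    "https://login-portal.example/signin": (200, None),
    "http://loop.example/a": (302, "http://loop.example/b"),
    "http://loop.example/b": (302, "http://loop.example/a"),
}
REDIRECT_CODES = {301, 302, 303, 307, 308}


def trace_chain(start_url, responses, max_hops=10):
    """Follow Location headers from start_url; return (chain, stop reason)."""
    chain, seen, url = [start_url], {start_url}, start_url
    while True:
        status, location = responses.get(url, (None, None))
        if status not in REDIRECT_CODES or not location:
            return chain, "final" if status is not None else "unknown"
        if len(chain) > max_hops:          # cap work on very long chains
            return chain, "hop_limit"
        url = urljoin(url, location)       # Location may be relative
        if url in seen:                    # chain returned to an earlier URL
            return chain + [url], "loop"
        seen.add(url)
        chain.append(url)


def summarize(start_url, responses, max_hosts=2):
    """Report the landing URL and flag chains that need analyst review."""
    chain, reason = trace_chain(start_url, responses)
    hosts = []
    for u in chain:                        # distinct hostnames, in hop order
        h = urlsplit(u).hostname
        if h not in hosts:
            hosts.append(h)
    return {
        "landing_url": chain[-1],
        "redirects": len(chain) - 1,
        "hosts": hosts,
        "stop_reason": reason,
        # assumed policy: unresolved chains or more than max_hosts hosts
        "needs_review": reason != "final" or len(hosts) > max_hosts,
    }
```

The chain is compared by hostname here; a production detector would normally group by registrable domain using the Public Suffix List.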

New privileged targets

Phishing targeting SaaS and webmail services rose from 20.1% of all attacks in the third quarter to almost 30% in the fourth quarter. Attacks against cloud storage and file hosting sites continued to decline, from 11.3% of all attacks in Q1 2018 to 4% in Q4 2018.

Researchers from APWG member PhishLabs observed that in the last quarter of 2018, the number of phishing attacks hosted on websites with HTTPS and SSL certificates declined for the first time in history.


“Phishing sites using SSL decreased slightly in Q4 2018 compared to Q3 – down 3% to around 47%,” said John LaCour, CTO of PhishLabs. “However, it remains true that almost half of phishing sites use digital certificates to make attacks more legitimate and to avoid browser warnings.”