Users of Software as a Service (SaaS) and webmail services are increasingly targeted, according to the APWG Q1 2019 Phishing Activity Trends Report.
The category became the main target in the first quarter, accounting for 36% of all phishing attacks and for the first time eclipsing the payment services category, which suffered 27% of the attacks recorded in the quarter.
Online SaaS applications have become fundamental business tools because they are convenient to use and cost effective. SaaS services include sales management, customer relationship management (CRM), human resources, invoicing, and other office applications and collaboration tools.
“Phishers are interested in stealing connections to SaaS sites because they provide financial data and also personal data, which can be exploited for spear-phishing,” said Greg Aaron, APWG principal researcher.
Stefanie Ellis, Head of Anti-Fraud Products and Marketing at MarkMonitor, said: “The total number of confirmed phishing sites increased in early 2019, with the biggest jump in March.”
The total number of phishing sites detected in the first quarter of 2019 was 180,768. This was notably up from the 138,328 observed in the fourth quarter of 2018 and the 151,014 observed in the third quarter of 2018.
Payment services and financial institutions continued to experience a high number of phishing attacks. But attacks on cloud storage and file hosting sites continued to decline, from 11.3% of all attacks in Q1 2018 to just 2% in Q1 2019.
Meanwhile, cybercriminals have deployed HTTPS-protected phishing websites in record numbers: according to PhishLabs, nearly 60% of the phishing websites detected in Q1 2019 used this encryption protocol, a record high.
Phishers turn this security feature against users, taking advantage of the HTTPS protocol’s padlock icon that appears in the browser’s address bar to assure users that the website itself is trustworthy.
“In the first quarter of 2019, 58% of phishing sites were using SSL certificates, a significant increase from the previous quarter when 46% were using certificates,” said John LaCour, CTO of PhishLabs.
“There are two reasons we’re seeing more of it. Attackers can easily create free Domain Validated (DV) certificates, and more and more websites are using SSL in general. More and more websites are using SSL because the browser notifies users when SSL is not in use. And most phishing is hosted on hacked and legitimate sites.”