Semi-annually, the Anti-Phishing Working Group (APWG) publishes the Global Phishing Survey: Trends and Domain Name Use. This reports addresses phishing trends and underscores the significance of phishing by quantifying the scope of the global phishing problem. In this report, the APWG examines all the phishing attacks detected in the first half of 2013 (“1H2013”, January 1 to June 30). The data was collected by the Anti-Phishing Working Group, and supplemented with data from several phishing feeds and private sources.

Major Findings

  • Vulnerable hosting providers are inadvertently contributing to phishing.
  • Mass compromises led to 27 percent of all phishing attacks.
  • Phishing continues to increase in China, where the expanding middle class is using e-commerce more often.
  • The number of phishing targets (brands) is up, indicating that e-criminals are spending time looking for new opportunities.
  • Phishers continue to take advantage of inattentive or indifferent domain name registrars, registries, and subdomain resellers.
  • The number of top-level registries is poised to quintuple over the next two years.
  • The average and median uptime of phishing attacks are climbing.
 

Key Statistics

  • There were at least 72,758 unique phishing attacks worldwide.
  • The phishing attacks occurred on 53,685 unique domain names.
  • 1,972 phishing attacks were detected on 1,626 IP addresses.
  • The number of phishing attacks using IPs has remained steady for 3.5 years.
  • Of the 53,685 phishing domains, 12,173 were likely registered maliciously by phishers.
  • The average uptime of a phishing attack in 1H2013 was 44 hours and 39 minutes, compared to 26 hours and 13 minutes in 2H2012.
  • The median uptime of a phishing attack in 1H2013 was 12 hours and 52 minutes – over twice the historic low median of 5 hours and 45 minutes achieved in 1H2012.
  • 82 percent of the malicious domain registrations used in phishing attacks were in just three top-level domains (TLDs): .COM, .TK, and .INFO.
  • There were 720 target institutions, up significantly from the 611 targeted institutions identified in 2H2012.
  • Only about 2.3 percent of all domain names that were used for phishing contained a brand name or variation thereof.
  • Seventy-eight of the 53,685 domain names used in phishing attacks were internationalized domain names (IDNs).
  • The use of URL shorteners for phishing has decreases significantly.

View our other phishing and social engineering presentations on slideshare.net/phishingbox.

Visit our Phishing Facts and Resources pages for useful information on the threat of phishing and phishing prevention information.

If you have any questions or comments, or want to learn how you can test employees’ susceptibility to phishing attacks, please contact us.