APWG Global Phishing Survey: in 2016 The Number of Phishing Domain Names Reached All-Time High
by The Anti-Phishing Working Group
The recent study by APWG “The Global Phishing Survey: Trends and Domain Name Use in 2016”, published on 26 June 2017, presents a thorough analysis of data on more than 250,000 phishing attacks (confirmed ones only), which were detected in 2015 and 2016. The full report is available here:
The study reports at least 255,065 unique phishing attacks that occurred in 2016 worldwide, which is an all-time high since 2007, when APWG began publishing these reports. So is the number of domain names used for phishing.
What is more, the authors believe that 95,424 domain names out of 195,475 domains used for phishing in 2016, were registered by phishers themselves, which is almost three times as many as in 2015.
A little over half of these registrations were made by Chinese phishers. Almost all other 100,051 domains were either hacked or compromised on vulnerable Web hosting. This means that nearly half of the domains used for hosting phishing sites were maliciously registered. (The survey dealt with generic top-level domain (gTLD) registrations, not ccTLDs, because ccTLD registration numbers by registrar are not generally available)
The authors conclude that in 2016 cybercriminals tended to register more domain names, rather than to use domains and web servers they hacked into.
Phishing in the new top-level domains (nTLDS) is also on the rise. By the end of 2016, almost half of the nTLDs that were available for open registration (228 out of 498) had phishing in them.
Authors reported that 5,633 (86%) of 6,549 domains used for phishing in the 228 nTLDs, were registered maliciously. What is more, 71% of those malicious registrations were spotted in 10 nTLDs:
As for the companies targeted by phishers, both new companies and well-known brands run a risk of being targeted.
Popular targets such as Apple, PayPal, Yahoo!, and Taobao.com, have been attacked heavily in 2016– each of them suffered more than 30,000 phishing attacks. These top four brands were the targets of more than 57% of the phishing attacks worldwide.
The top 10 phishing targets accounted for as much as 77% of all attacks worldwide.
The primary industry sectors, targeted by phishing still remain almost the same for over a decade, with e-commerce, financial, social networking, and money transfer companies targeted in over three-quarters of attacks.
In 2016, among the phishers’ targets were many banks, including notable ones from Latin America, Europe, the Middle East, Southeast Asia, and North America. In 2016 there were attacks in some non-traditional sectors, though. Among these targets were major Swiss universities, television stations worldwide, energy companies, government agencies, and airlines.