Skip to main content

Anti-Phishing Working Group Report from Q2 2023

 The Anti-Phishing Working Group (APWG) is an international coalition focused on unifying the global response to cybercrime, particularly phishing and e-mail fraud. Established in 2003, APWG brings together businesses, government entities, law enforcement, and non-governmental organizations to combat phishing, crimeware, and e-mail spoofing.They create regular reports on the nature of phishing "in the wild" and share trends in this report. You can download the report here

I wanted to report on a more recent trend report, but at the time of writing I haven't seen a newer one. It being in the middle of 2023, I believe the report is recent enough. 

I found a few areas of interest, and questioned a few pieces.

  1. There was a reported downward trend in phishing. Despite the high numbers, there was a notable downward trend in phishing by the end of the quarter, indicating a possible shift in tactics or improved countermeasures. I have doubt that phishing is occurring less, I believe this indicator is that we're having a harder time detecting phishing. However, I will note that the previous report was in Q1 of 2023 and it had the highest record report.
    Additionally, the report also states there's an increase in social media attacks. With this increase, it has me doubting that BEC or otherwise is on the way out. 
  2. I found a new phrase "Hybrid Vishing Attacks" which is as straightforward as it sounds, vishing mixed with something else like traditional phishing emails or SMS messages. The report believes this is an evolution of attacks, but from the wild it seems like these attacks have been happening for years. Maybe the intention was to indicate that these attacks are so on the rise that they are almost novel in nature. 
  3. Financial Institutions are the most targeted industry at 23.5% and social media sites at 22.3%. That didn't seem all that surprising to me, but what I was interested in was the low amount of other attacked industries in the report. Gaming was at only 1.7%, and maybe people aren't scamming for RS gold these days, but I highly doubt that. The research is sited by a few different organizations that put the report together, but I can't help but think they aren't drilling into these more niche attacks. Payment processing at only 5.8% seems low as well, with plenty of sites pretending to be Zelle related, or otherwise about personal payment processing like Venmo. 
  4. The most popular gift cards in gift card scams are Amazon and Apple Store cards. The Amazon one makes sense to me, due to the versatility of use and demand for Amazon. I'm not surprised to see Apple Store cards on the list because I've seen this trend before. I can recall attackers asking for App Store cards and even Sephora cards in the past. I guess my takeaway is that I never understood why the Apple Store. Is it because they are in demand and easier to launder? The report doesn't go into detail into this topic. 

I found a few other points interesting, like how scammers are still using AOL (which was only 2% of webmail accounts used for BEC) but mostly the report wasn't all too surprising. I look forward to the next trends and reports to see what's other there. Maybe some of my suspicions will be answered.

Comments

Popular posts from this blog

Studying for the AWS Certified Cloud Practitioner Certification (CLF-C02)

As a solution's architect, I want to keep up on my cloud skills. As noted in my previous New Year's Resolution post , I'm looking to get the AWS Certified Solutions Architect Associate (SAA-C03) exam, and the Cloud Practitioner (CLF-C02) certification is the one that precedes this SAA-C03 exam.  After speaking to others who have passed the SAA-C03 exam, they mentioned more than half the content is the same as the CLF-C01 exam. The exam has been updated last September and has changed content moving to the C02 edition. So I believe it's foundational to take this exam first.  As a former academic, I have a high standard to passing the exam. While I'm already passing some practice exams, I don't want to sit for the exam until I'm getting over 90% on the practice exams. What's the point of barely scraping by when I'm doing this to truly gain skills and knowledge? Below I'm going to outline what I've been using to study. AWS Skill Builder I do pa...

2024 Resolutions

Welcome back! It's another New Year's blog post. Let's get right into my goals for this year. 1. Obtain the AWS Solutions Architect certification Right now, I'm working as a Solutions Architect, and I'm all about boosting my career with the right certification. I absolutely love what I do and want to get even better at it, so I can be an even more valuable part of my company. Even though I've got a master's degree, I'm hungry to learn more and up my game. I'm currently getting ready for the AWS Cloud Practitioner exam, which is set for February 23rd. What's interesting is that a big chunk of the stuff in this exam is also in the Solutions Architect (SA) exam. I'm making good progress with my studies, and I'm pretty confident that I'll be all set to tackle the exam by the end of the year. I'm on a mission to move up in my career, prove my worth, and pick up some fresh skills along the way. Some folks really value high...

2023 Resolutions

Welcome to my New Year's Resolutions! I feel a little vulnerable sharing my goals publicly and auditing if I failed or succeeded over the year.  My 2023 Resolutions 1) HACK THE PLANET! 2) Upload to WiGLE every month 3) Post to the blog at least once a month 4) Continue to follow and maintain my vision board. Don't judge me! I thought they were cheesy and weird, but it's been so effective. I made a blog post about it already, but just as a refresher my current board is below. A vision board is almost a resolution list in of itself. These are all the things I want to achieve in the near future.  5) Pass the HAM radio exam 6) Continue in content creation and make articles or a podcast Let's go over what my resolutions where last year: My 2022 Resolutions 1) Make it to 500,000 unique wifi networks I made it in November! I achieved this goal and obtained the gold WiGLE badge.  2) Upload to WiGLE every month I made this most months, but not every month. I will try again! 3) W...