The Anti-Phishing Working Group (APWG) recently released their Global Phishing Survey, which covers the second half of 2014 (July 1 to December 31). The survey reveals that phishing incidents are not only on the rise, but also reveals that phishers are becoming more adept at luring users to these sites, infecting computers with malware, or stealing user’s log in credentials over unsecured HTTP connections.

Key Statistics

Below are some key statistics from the survey:

• There were at least 123,972 unique phishing attacks worldwide.
• The attacks occurred on 95,321 unique domain names.
• Of the 95,321 phishing domains, APWG identified 27,253 domain names they believe were registered maliciously.
• Of the 95,321 phishing domains, 68,303 domains were almost all hacked or compromised on vulnerable web hosting.
• Seventy-five percent of the malicious domain registrations were in just five TLDs: .COM, .TK, .PW, .CF, and .NET.
• APWG counted 569 targeted institutions. This is down significantly from the all-time high of 756 observed in the first half of 2014.
• The average uptime in the second half of 2014 was 29 hours and 51 minutes. The median uptime increased to 10 hours 6 minutes.
• Phishing occurred in 272 top-level domains (TLDs). Fifty-six of them were new TLDs.

The Takeaways

What These Stats Mean for Internet Users

• Be cautious of the sites you visit.
• Always look for the HTTPS, lock icon, or green address bar before making purchases or entering log in credentials to a website.
• Don’t click on links in emails that seem to come from you bank, e-commerce sites, etc. Instead, log in to that specific site to review transactions or other communications.

What These Stats Mean for System Admins

• If your site transmits sensitive information such as login credentials or credit card information then it is safe to assume that your site is being phished.
• Ensure your site remains secure from phishers by using SSL Certificates. SSL Certificates help make your site more secure and assure your users that they are safe visiting your site. Phishers, however, circumvent security by registering domains with variations of your site’s domain name, tricking your customers. Certificate Monitoring can help mitigate this problem by scanning the web for all SSL Certificates issued to sites using a variant of your domain’s name.
• Ensure you get the most out of your SSL Certificate by enabling only strong cipher suites.

As the survey shows, phishing attacks are not going away. The best way to mitigate them is by keeping up-to-date on emerging phishing tactics and addressing them head on.