APWG Report: Phishers Targeting Crypto Currency, Payment Services and Retail Sites
The APWG reports in its new Phishing Activity Trends Report that new online payment services and crypto-currency sites are being targeted by phishers. The number of phishing attacks remained high, and the second quarter of 2014 saw the second-highest number of phishing attacks ever recorded in a quarter since the APWG began tracking by quarterly periods in 2008.
The APWG detected an average of 42,793 new phishing attacks per month in the second quarter. The number of targets dropped slightly from 1Q 2014. Year-over-year, the number of targets was down 17 percent from the 639 observed in Q2 of 2013 to the 531 seen in Q2 of 2014. “This indicates a higher concentration of attacks on more vulnerable brands," said Frederick Felman, Chief Marketing Officer, MarkMonitor, and an APWG contributing member.
The full text of the report is available here: http://docs.apwg.org/reports/apwg_trends_report_q2_2014.pdf
Several types of targets were attacked more than in the past. Attacked more frequently were growing online and alternate payment services. Examples include the Austrian cashless payments site PayLife, Hong Kong-based alternate payment system Perfect Money, and Payoneer, an Internet-based financial services business that allows users to transfer money and receive payments through re-loadable prepaid MasterCard debit cards. Attacks against established providers dipped.
“We’re also seeing an uptick in phishing attacks against the users of Bitcoin sites, notably wallet service Blockchain and the exchange site Coinbase,” said Greg Aaron, President of Illumintel and APWG Senior Research Fellow. “The number of attacks against them remains small overall, but we will continue to monitor this as Bitcoin continues to gain adoption by retailers and consumers.”
Attacks against retail/service sites also grew, from 11.5 to 16.5 percent of all phishing attacks. Phishers spoofed these sites because they collect credit card numbers and other useful credentials from their users.
The second quarter also saw a recent increase in the spread of PUPs (Potentially Unwanted Programs) such as spyware and adware. APWG member company PandaLabs reports that the PUPs were spread by a proliferation of software bundlers: programs that install PUPs on computers along with the programs that the user actually wants to install. Overall, Trojans remained the most common type of malware.
Meanwhile, APWG is convening its fall conference in Birmingham on September 23-25 to address the next generation of cybercrime, specifically inspecting crime engaging fraud architectures in the investing and mortgage banking sectors, as well as advanced research into fraud provenance tracing, programmatic cybercrime event data exchange and enterprise-wide fraud management.
The conference notes page is here: http://ecrimeresearch.org/events/ecrime2014/
APWG Secretary General Peter Cassidy said, "Account-level cybercrime against consumers and enterprises can damage accounts – but control fraud and investment fraud has the clear potential to damage markets and even economies. Our contributing researchers at this conference are mapping threatscapes that menace commerce and free markets as we know them.”
About the APWG
The APWG, founded in 2003 as the Anti-Phishing Working Group, is the global industry, law enforcement, and government coalition focused on unifying the global response to electronic crime. Membership is open to qualified financial institutions, online retailers, ISPs and Telcos, the law enforcement community, solutions providers, multi-lateral treaty organizations, research centers, trade associations and government agencies. There are more than 2,000 companies, government agencies and NGOs participating in the APWG worldwide.
The APWG's http://www.apwg.org/ and http://education.apwg.org/ websites offer the public, industry and government agencies practical information about phishing and electronically mediated fraud as well as pointers to pragmatic technical solutions that provide immediate protection.
The APWG is co-founder and co-manager of the Stop. Think. Connect. Messaging Convention, the global online safety public awareness collaborative http://www.stopthinkconnect.org/ and founder/curator of the eCrime Researchers Summit, the world’s only peer-reviewed conference dedicated specifically to electronic crime studies http://www.ecrimeresearch.org/
Related News
Bitcoin attackers present "a new frontier" for cybercrime, a gathering of top security specialists heard in Barcelona this week. Government agencies, banks, universities, private companies and consulting firms attending the Anti-Phishing Working Group's (APWG) eCrime 2015 event on Tuesday were warned by a panel of cryptocurrency experts that research in the sector is lagging behind criminal practice. Speaking inside the CaixaForum, APWG chairman Dave Jevans, who has been following bitcoin since 2011, told the audience that this knowledge gap presented a challenge for everyone in the room,....
Phishers are coming after MetaMask users in increasingly clever ways. Cyber Security firm CipherTrace has issued a warning after noting a surge in reports over the past 24 hours of users funds being stolen by a malicious Chrome browser extension posing as popular crypto wallet MetaMask.The warning was issued under the headline "ALERT: Malicious Crypto Browser Extension—Masked MetaMask" and reported the company had seen "an uptick of alerts and comments within the online cryptocurrency community of users’ funds being stolen."In response to online criticism that MetaMask is not doing enough....
Cryptocurrency scam sites are being targeted by other scammers to hijack their traffic and their possible earnings. A recently detected threat actor, named Water Labbu, is manipulating the users that are drawn to these sites as a source of revenue, injecting a malicious script as a tool for interacting with the wallet that, depending on its funds, will be attacked.
Crypto Scammers Are Attacking Crypto Scammers
The rise of the cryptocurrency ecosystem has brought interest in targeting investors through scam sites using different resources that include Youtube streams to do so, as....
Long gone are the days when Bitcoin was considered as this obscure digital currency only used by computer engineers or criminals operating via dark web channels. Nowadays, it seems that the only concern surrounding the crytpocurrency is the fear of hacking attacks or theft that have occasionally occurred in exchange markets, and Bitcoin finally enjoys the trust of web users and major corporations who have willingly hopped on the Bitcoin bandwagon to make their services even more available than before. Unlike five years ago, Bitcoin is now a viable payment method in a number of web sites,....
Although last week proved horrible for cryptocurrency owners with the market facing a crash and Binance’s outage during that difficult time, the nasty phishing attacks designed having pop-ups target metaverse users on famous crypto sites. So far, multiple sites, including Etherscan and DexTools, have reportedly confirmed the crypto scam ad and issued alerts not to […]