BIRMINGHAM, Ala.--(BUSINESS WIRE)--The new Global Phishing Survey released by APWG today at the association’s annual research conference shows that Apple is the most phished brand in the world, accounting for 17 percent of all phishing reports sampled and analyzed from the first half of 2014.
Apple’s brand and associated marques, such as iTunes and iPad, eclipsed perennial phishing target favorite PayPal with the computing device manufacturer enduring 21,951 of the 123,741 phishing reports sampled
PayPal was the second most phished brand, targeted in 17,811 attacks, or 14.4 percent of the half’s sample. The Chinese marketplace Taobao was third with 16,418 attacks, or 13.2 percent of the sampled attacks.
“As the world’s most valuable brand with a massive on-line user base, Apple has always been a phishing target, and with phishers concentrating more and more on online account takeover, consumers’ Apple ID’s are a tempting target,” said Rod Rasmussen, President and CTO of IID and the survey’s co-author.
“As Apple provides more services and devices tied to one’s Apple ID, including the just announced Apple Pay, it is no surprise that phishers are increasing their efforts to fool consumers into divulging their credentials, regardless of additional security measures Apple puts in place to protect their customers,” Rasmussen said.
The report found cybercrime gangs are aggressively pursuing brand diversity in their online fraud schemes, spoofing and otherwise leveraging the identities of some 756 institutions, the highest number the analysts had yet encountered
“If a site takes in personal data like passwords or credit card information, then phishers may want to exploit it,” said Greg Aaron, President of Illumintel and the survey's other co-author. “We're seeing an unprecedented breadth of targets -- cloud storage sites, utility companies, business service providers, and real estate brokerages.”
Of the 87,901 domains used for phishing, the report identified some 22,679 domains, a quarter of the total sample, that the authors believe were registered maliciously by phishers.
The number is primarily due to registrations by Chinese-based phishers targeting Chinese brands who prefer cheap (and free) domain name registrations in certain TLDs. The other 65,222 domains were almost all hacked or compromised on vulnerable Web hosting.
The complete report is available here: http://docs.apwg.org/reports/APWG_Global_Phishing_Report_1H_2014.pdf
About the APWG
The APWG, founded in 2003 as the Anti-Phishing Working Group, is the global industry, law enforcement, and government coalition focused on unifying the global response to electronic crime. Membership is open to qualified financial institutions, online retailers, ISPs and Telcos, the law enforcement community, solutions providers, multi-lateral treaty organizations, research centers, trade associations and government agencies. There are more than 2,000 companies, government agencies and NGOs participating in the APWG worldwide. The APWG's www.apwg.org and education.apwg.org websites offer the public, industry and government agencies practical information about phishing and electronically mediated fraud as well as pointers to pragmatic technical solutions that provide immediate protection. The APWG is co-founder and co-manager of the Stop. Think. Connect. Messaging Convention, the global online safety public awareness collaborative www.stopthinkconnect.org and founder/curator of the APWG Symposium on Electronic Crime Research, the world’s only peer-reviewed conference dedicated specifically to electronic crime studies www.ecrimeresearch.org.
