The Anti-Phishing Working Group (APWG) says it observed a record-breaking 250 percent surge in phishing attacks between October 2015 and March 2016.
According to its latest report, the number of unique phishing websites detected in Q1 totaled 289,371, with more than 123,000 of those sites being discovered in March 2016 alone.
APWG says the findings are the highest it has seen since the coalition first began tracking and reporting on phishing back in 2004.
“We always see a surge in phishing during the holiday season, but the number of phishing sites kept going up from December into the spring of 2016,” said Greg Aaron, APWG Senior Research Fellow and Vice-President of iThreat Cyber Group in a press release.
“The sustained increase into 2016 shows phishers launching more sites, and is cause for concern,” noted Aaron.
APWG Chairman Dave Jevans warned, “Globally, attackers using phishing techniques have become more aggressive in 2016, with keyloggers that have sophisticated tracking components to target specific information, and organizations such as retailers and financial institutions that top the list.”
The report named that the retail/service sector as the most-targeted industry during the first quarter, with 42 percent of attacks. The financial and payment services sector followed, with 18 percent and 14 percent, respectively.
Additional key findings from the Q1 2016 Trends Report (PDF) included:
- The United States remained the number one nation hosting phishing websites.
- China was the most-infected country, with a 51.35 percent infection rate.
- In Q1 2016, 20 million new malware samples were captured – nearly 67 percent of them were classified as Trojans.