A recent report detailing the latest trends in phishing attacks revealed that the top 10 targets suffered more than three-quarters of all phishing attacks observed worldwide.
The study (PDF), conducted by the Anti-Phishing Working Group (APWG), examined all phishing attacks detected in the second half of 2014, including data from several phishing feeds and private sources.
According to the report, Apple, PayPal and Chinese shopping marketplace Taobao.com accounted for 54 percent of global phishing attacks. Each of these renowned retailers and service providers was hit with more than 20,000 phishing attacks against its brands and services in the six-month period alone.
“The hardest hit targets are sometimes fending off a hundred different phishing attacks each per day,” explained Greg Aaron, President of Illumintel Inc. and co-author of the report.
Nonetheless, new companies also appear to be constant victims. The study found several dozen new targets, representing companies from a range of industry sectors around the globe, “demonstrating that criminals [seek] the credentials of consumers in places where they least expect it,” read the report.
Examples of these new targets include manufacturers of industrial supplies, telephone and insurance companies, electricity providers, power utilities, as well as the U.S. electronic toll-road collection system, E-ZPass.
Furthermore, the eCommerce sector saw the majority of phishing attacks, totaling 39.5 percent of attacks in the second half of 2014, followed by the banking and money transfer industries with 22 and 20.7 percent of attacks respectively. Social networking and email providers were also among the common targets, witnessing 11.6 percent of the phishing attacks observed.
The report also found that the number of domains believed to be registered maliciously by phishers reached an all-time high of close to 28,000 unique domains, most of which appeared to be registered by Chinese phishers.
An additional 68,000 domains were identified as hacked or compromised on vulnerable web hosting for the purpose of phishing.