Apple Most Frequent Phishing Target in the World: APWG Report

Apple’s brand and associated marques, such as iTunes and iPad, eclipsed perennial phishing target favourite PayPal with the computing device manufacturer enduring 21,951 of the 123,741 phishing reports sampled

PayPal was the second most phished brand, targeted in 17,811 attacks, or 14.4 percent of the half’s sample. The Chinese marketplace Taobao was third with 16,418 attacks, or 13.2 percent of the sampled attacks.

“As the world’s most valuable brand with a massive on-line user base, Apple has always been a phishing target, and with phishers concentrating more and more on online account takeover, consumers’ Apple ID’s are a tempting target,” said Rod Rasmussen, President and CTO of IID and the survey’s co-author.

“As Apple provides more services and devices tied to one’s Apple ID, including the just announced Apple Pay, it is no surprise that phishers are increasing their efforts to fool consumers into divulging their credentials, regardless of additional security measures Apple puts in place to protect their customers,” Rasmussen said.

The report found cybercrime gangs are aggressively pursuing brand diversity in their online fraud schemes, spoofing and otherwise leveraging the identities of some 756 institutions, the highest number the analysts had yet encountered

“If a site takes in personal data like passwords or credit card information, then phishers may want to exploit it,” said Greg Aaron, President of Illumintel and the survey’s other co-author. “We’re seeing an unprecedented breadth of targets — cloud storage sites, utility companies, business service providers, and real estate brokerages.”

Of the 87,901 domains used for phishing, the report identified some 22,679 domains, a quarter of the total sample, that the authors believe were registered maliciously by phishers.

Phishing occurred in 227 TLDs, but 90 percent of the malicious domain registrations (20,565 ) were in just five TLDs : .COM, .TK (Tokelau, which gives away its domains for free), .PW (Palau), .CF (Central African Republic) and .NET . A small number of phishing attacks were seen in the new gTLDs that began launching in early 2014. But when looking at phishing domains per 10,000 domains, .cf came out top with 320.8 followed by .ml (Mali) with 118.9 and .pw with 122.0.

The .CF, .GA, and .ML ccTLD registries were repurposed in 2013 to offer free domains names. They are operated by Freenom, which also operates the free .TK registry.

The .PW registry was plagued by Chinese phishers, who registered at least 1,889 domains to phish Taobao.com and other Chinese targets. Thailand’s .TH continues to rank highly, as it has for many years, suffering from compromised government and university Web servers.

Only about 1.7 percent of all domain names that were used for phishing contained a brand name or variation thereof.

The number is primarily due to registrations by Chinese-based phishers targeting Chinese brands who prefer cheap (and free) domain name registrations in certain TLDs. The other 65,222 domains were almost all hacked or compromised on vulnerable Web hosting.

The complete report is available to download from:
docs.apwg.org/reports/APWG_Global_Phishing_Report_1H_2014.pdf