Phishing targeting SaaS and webmail services increased to 36% of all phishing attacks
A new APWG report shows that a growing number of phishing attacks (36% in Q1 of 2019) target Software-as-a-Service (SaaS) and webmail solutions. Just over a quarter (27%) of phishing campaigns went after payment services, while 16% targeted financial institutions. Greg Aaron of APWG explains that “phishers are interested in stealing logins to SaaS sites because they yield financial data and also personnel data, which can be leveraged for spear-phishing.”
The number of phishing sites grew by over 40,000 in the first three months of this year, from 138,328 in Q4 of 2018 to 180,768 in Q1 of 2019. The report also shows that the traditional security advice telling people to check if websites use HTTPS instead of HTTP is becoming increasingly irrelevant, since almost 60% of phishing websites currently use HTTPS.