The APWG is the global industry, law enforcement, and government coalition focused on unifying the global response to cyber crime through development of data resources, data standards and model response systems and protocols for private and public sectors. When it comes to setting standards for cyber crime response and protocols, APWG is one of the most authoritative organizations in the world.
According to the APWG Q3 2013 Phishing Activity Trends Report, we saw a 20 percent increase in phishing with these attacks rapidly evolving and proliferating. This escalation is generally attributable to rising numbers of attacks against money-transfer and retail/e-commerce websites. As fraudsters escalate their online presence, business’ reputations are on the line. The report highlights the use of organizations’ names and logos as part of their phishing tactics, duping users into opening emails and clicking on links. The following chart indicates the number of unique phishing instances detected by the APWG (The Anti-Phishing Working Group).
The growing popularity of social networking sites such as, Facebook, My Space and Twitter shows the change in phishing schemes. The internet has become more conversational and more people are using these social networking sites to build their own personal space online; containing information about their personal identity such as, interests, family/friends and business associates. Recently, a new scam hit Facebook users in which it sends a user to a websites that steals their login information and downloads malware on to their computer. So, how are Phishers making money by Facebook login details? Phishers are hoping that these passwords are same as the users other accounts, most importantly bank accounts. Also, obtaining information about people like their name, email addresses and etc, phishers are able to develop more successful phishing scams by customizing emails to include, for instance, a person's name and address inside phishing email's purporting from the banks. It looks like social networking sites are great tools for phishers because of the familiarity and an email supposedly from a friend looks more legitimate. Looking to the future, many people think that social networking sites will be used for phishing sites against corporations. This is why educating employees about phishing is extremely important. "Still, with companies looking to Twitter to reach out to customers, spear phishers may soon have a fantastic weapon to target enterprises" (Prince, 2009).
The latest APWG conference was held in beautiful Barcelona, Spain, this past May. The agenda for the Counter-eCrime Operations Summit included presentations such as National Reports from Italy, Spain, UK, and Malaysia, "The Ins and Outs of Fast Flux Networks", "A Multi-Stakeholder Approach to Battle Cyber Crime", and an entire afternoon devoted to end-user education initiatives (the full agenda can be found here). More information on APWG, including past and future conferences, educational resources, and instructions on how to report phishing to them can be found on the APWG site.