Phishing Activity

Phishing is a significant threat to millions of Internet users. Phishing attacks lure victims to a web site that appears to be operated by a trusted entity, such as a bank, a merchant or other service. The web site, however, is a deception, a fake, and the site’s fake content is designed to persuade a victim to enter sensitive information. Criminals use these fake websites to steal financial, business or personal information from those who visit and fall prey to the phishing attack.

Companies, government entities such as tax authorities, and universities are highly valued phishing targets. Phishers will compromise the web sites of these legitimate organizations insert malicious content on web hosts that they compromise, on the email providers who must defend against phishing spam, and on responders charged with protecting users and networks.

Phisher require resources to conduct attacks, including domain names, Internet addresses, hosting, or cloud services. These resources are managed by a diverse set of businesses, governments, and non-government organizations that operate in one or more related Internet industry segments. The measurements we report quarterly illustrate where phishing is problematic in each segment and moreover, that phishing affects all of these segments in some way.

We publish these reports because we believe that measurements are necessary to drive informed decision making; however, the operational communities of the industry segments that cybercriminals exploit must commit to mitigation where they are able to do so. And to do so effectively, they must collaborate closely with cyber investigators, policy makers, legislators, and law enforcement.

For a summary of the most recent phishing activity, read our most recent Phishing Trends report.