Apple now the number one target for phishing attacks

Apple is now the most-phished brand according to the latest report from the Anti-Phishing Work Group (APWG).

Based on data from the first half of 2014, 17.7 per cent of all phishing attacks were aimed at the Cupertino-based firm, with PayPal in second and Chinese shopping site Taobao claiming third place.

Read more: How to protect your Apple iCloud account by setting up two-step verification

In an interview with TechNewsWorld, the APWG's Rod Rasmussen claimed that the ability to access various information streams with an Apple ID is the reason for the increased number of attacks.

"They can be used to lock a user out of their phone and ransom it back to them for money," Rasmussen said. "There are lots of different attack vectors, which adds up to why Apple is being phished as heavily as it is."

Rasmussen also speculated that the recent nude celebrity photo leaks were probably the result of hacking Apple IDs.

The report also indicates that a wider variety of companies are now being targeted by phishing attacks. APWG found that 756 institutions had been targeted by phishers in the first half of the year, with almost half of those not experiencing phishing in the previous six months.

It is likely that phishers are selecting new targets in the hope of finding vulnerable new user bases that are not ready to defend themselves.

It can require multiple defensive strategies in order to prevent phishing attacks, with the combination of behavioural analysis and big data proving particularly effective.

Idan Tendler, CEO of Fortscale said that intruders often reveal themselves through their malicious behaviour.

"The only way to identify these suspicious users is by profiling their behaviour, by analyzing system logs that document their behaviour," he said.

Read more: 70% of IT professionals suffer weekly phishing attacks - are you one of them?

By creating normal behaviour profiles, companies can more easily identify intruders within their network and ultimately reduce the number of successful phishing attacks.