Phishing attacks are one of the most tried and true methods of attack for hackers. There is always a sucker who falls for the lies in phishing emails or phishing sites, whether due to naiveté or the more complex form certain phishing attacks have taken. As such, phishing attacks remain the No. 1 cause of security incidents worldwide. The most recent data uncovered by researchers at Webroot has some answers for why this is the case.
According to the Webroot Quarterly Threat Trends Report, which was published in September, Webroot researchers noted how an average of nearly 1.5 million new phishing websites surfaced on a monthly basis. This number is based off of two statistics: the baseline 1.385 million unique phishing sites created monthly along with an incredible 2.3 million sites popping up in the month of May alone.
In a blog post on the report, Webroot pointed out that the new phishing sites appearing were “realistic web pages that are almost impossible to find using web crawlers, and they trick victims into providing personal and business information.” Not even researchers anticipated how quickly complex and convincing phishing pages could grow. Webroot even admits in the blog post that “the sheer volume of new sites makes phishing attacks difficult to defend against for businesses.”
Other takeaways from the threat report include the short time period that most phishing attacks have. Researchers noticed in their data that many sites used for phishing in 2017 are scrubbed after a mere four to eight hours. This is done to evade detection by block lists and other common anti-phishing methods. Additionally, the list of major companies being impersonated in these new webpages keeps growing at an alarming rate. The impersonations are incredibly convincing to someone not paying attention (which unfortunately happens all too often). A list of the company names, along with the percentage that they were seen impersonated over 2017, was given and is as follows:
Ultimately, phishing attacks are not going away anytime soon, and it is imperative to train the general populous to recognize these fake pages in order to curtail the efficacy of phishing.
Photo credit: Flickr / Christiaan Colen