Cyber criminals are creating an average of around 1.4 million phishing websites every month with fake pages designed to mimic the company they’re spoofing and then replaced them within hours in order to ensure they’re not detected.
By building phishing websites with such short life-cycles, cyber criminals aim to make it hard for web crawlers to find their imposter pages, especially if there are no links to other sites.
An analysis of phishing websites by researchers at Webroot found that during the first half of 2017, an average of 1.4 million unique phishing websites were created every month, with the majority only online for between four and eight hours and most often pretending to be high profile technology and banking firms.
According Webroot’s statistics for the first half of 2017, Google was the most common company for attackers to impersonate, accounting for 35 percent of all phishing attempts. Chase, Dropbox, PayPal and Facebook made up the remaining five most popular disguises for phishing emails, while attackers also commonly claimed to be from Apple, Yahoo, Wells Fargo, Citi and Adobe.
The total number of phishing websites created per month ranged from 761,000 in February to over 2.3 million in May. That month also happened to see the WannaCry ransomware attack and scammers looked to take advantage of the fear around the incident for their own nefarious gain.
The sheer number of websites signifies evolution in the methods used by attackers, who would previously use one website for an entire phishing campaign, although this meant that if it was discovered it could be blocked in order to prevent potential victims from clicking through to it.
Now hackers have learned that quickly rotating phishing websites means that they can keep campaigns going on longer.
Up to 90 per cent of all data breaches occur as a result of credentials stolen using a phishing attack.
Phishing might look like a basic form of a cyber attack, but the simple fact of the matter is that it works. While there’s plenty of examples of vague, spray-and-pray phishing attacks – which still find success – attackers have learned to design phishing emails to look totally authentic or to panic the target into thinking something is wrong.
Analysis of the first half of 2017 shows that phishing emails frequently play on fear and emotion, urging the recipient to take quick action without taking normal precautions. Whether the urgency is implied in the subject line or in the fake URL of the phishing site, fear is being used to spur recipients to act before thinking.
For example, attackers might put the idea into the victims’ head that an account is being closed, an invoice is waiting, or even in some cases, they’ve been summoned to court. In each instance, the victim might panic and click through to the malicious site which will either steal their credentials or drop a malicious payload.
In order to tap into these fears, phishers most often pretend to be from companies in the technology and financial sector.
While attackers are attempting to breach organisations in every industry, the Webroot report suggests technology firms and banks are the most targeted by hackers – no doubt due to the riches of personal and financial data which could be accessed in the event of a successful attack.