Massive rise in phishing websites causes concern
An enormous 1.4 million short-term phishing sites are created every month, creating a serious challenge for businesses.
Criminals are generating an average of 1.4 million phishing websites every month in a vast wave of very short-term attacks, according to researchers.
Large-scale phishing attacks are nothing new, but the sheer scale of the phishing industry has been laid bare in a new report that takes a look under the hood of the cyber-industry. May 2017 alone saw an astonishing high of 2.3 million fake sites created, the majority only appearing online for between four and eight hours, and generally targeting big-name brands for volume reasons.
According to Webroot's statistics for the first half of 2017, Google was the most common company for attackers to impersonate, accounting for 35 per cent of all phishing attempts, with Chase, Dropbox, PayPal and Facebook completing the top five. Apple, Yahoo, Wells Fargo, Citi and Adobe are also popular targets.
The company pointed to stats from the FBI that illustrate the extent of the problem, claiming that phishing scams have cost American businesses nearly $500 million a year over a three-year period between October 2013 and December 2016. A separate report from APWG last year indicated a 250 per cent increase in phishing during Q1 2016.
Ilia Kolochenko, CEO of High-Tech Bridge, commented: “Phishing itself is not very dangerous for corporate users. However, when paired with drive-by-download attacks and sophisticated malware (exploit-pack), phishing can get the attackers inside almost any corporate network.
It's not surprising that phishing is constantly growing, as it does not require any advanced technical skills to launch and can bring easy money to cybercriminals pretty quickly.
A very dangerous and emerging trend is the combination of phishing and ransomware - many users will not have a choice but to pay a ransom.”
However, he continued to point out that the overall picture of rising phishing volume and sophistication is of considerable concern: “Due to the increasing complexity and sophistication of cyber-attacks, fraudulent domains and web resources implicated in malware distribution campaigns and spear-phishing attacks become very difficult to detect. This is why, at High-Tech Bridge, we vigilantly follow new attack vectors and deception techniques leveraged by the cybercriminals and continuously improve our detection algorithms.”
Running a few of the big-name brands from the Webroot research through High-Tech Bridge’s newly enhanced free online service to detect cybersquatting, typosquatting and phishing reveals more detail on the extent of the problem highly-visible businesses face.
Search giant Google, for example, has a considerable 1,734 websites designed to conduct phishing attacks, and 297 websites that are likely to be attempting cybersquatting and typosquatting activities.
Another popular choice for hackers, PayPal, has 2,077 sites designed to conduct phishing attacks, and 214 potential cases of cybersquatting.
Meanwhile, Dropbox.com yields the greatest phishing volume at 3,579 suspicious phishing sites, but a lower 201 cybersquatting and typosquatting attempts.
That’s more than 8,000 potentially dangerous sites targeting users of just those three brands that are live at the time of writing. High-Tech Bridge has recently improved its free cybersquatting, typosquatting and phishing radar to include proactive monitoring of all newly-registered TLDs for further analysis, major reinforcement of its OSINT sources with private sources of data (including honeypots), history of deleted domains implicated in potentially illicit or fraudulent activities, and the handy ability to securely view a malicious website via a safe screenshotting feature, as seen here, with the adrwords.goorgle.online
Looks like a pretty clear case of Adwords account phishing there, at least. Stay safe out there...