1.4 Million new Phishing Websites are Created Every Month
1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)

1.4 Million new Phishing Websites are Created Every Month

A new threat report details how many phishing sites are being created and who they’re impersonating.

There are nearly 1.4 million phishing websites created every month, according to the Webroot Quarterly Threat Trends Report (reported on by Dark Reading). This is a substantial increase from the threat report issued last December, which saw 13,000 new phishing sites per day. That extrapolates to 390,000 per month. Nearly a 1,000,000 site increase.

What’s interesting is that these phishing sites tend to stay active for just a few hours, with most averaging between 4-8 hours of activity. The reason for this is to avoid detection by browser filters. Think about it, if the site has been equipped with an SSL certificate and is only briefly active, it will look legitimate by virtue of the “Secure” indicator in the address bar. This means max efficiency. It’s a brilliant move.

Who is Being Impersonated?

As for the companies that are getting impersonated, over one-third of all phishing sites being created are pretending to be Google, with Chase and Dropbox a ways behind. From there it’s the regular crowd, Facebook, Apple, PayPal, Yahoo, Wells Fargo.

Company Phish Share
Google 35%
Chase 15%
Dropbox 13%
PayPal 10%
Facebook 7%
Apple 6%
Yahoo 4%
Wells Fargo 4%
Citi 3%
Adobe 3%

What can I do to avoid phishing scams?

Phishing is a legitimate problem online, we’ve written extensively on how to spot a fake website, but here are a few pointers if you don’t have ten minutes to read the whole article:

  • Always inspect the URL, pay specific attention to the domain name.
  • Check whether the website has encryption, if it doesn’t say “Secure” in the address bar, don’t trust it.
  • Just because it does say secure, doesn’t mean it’s automatically safe.
  • Don’t follow links contained in emails, if a company is asking you to take an action contact customer service.
  • Just pay attention, if it smells phishy, tread lightly. Trust your instincts.

What we Hashed Out (for Skimmers)

Here’s what we covered in today’s discussion:

  • There has been a precipitous increase in phishing in just the last nine months.
  • Almost 1.4 million phishing sites are created each months.
  • The average phishing site is active for between 4-8 hours to avoid detection.


Patrick Nohe

Patrick started his career as a beat reporter and columnist for the Miami Herald before moving into the cybersecurity industry a few years ago. Patrick covers encryption, hashing, browser UI/UX and general cyber security in a way that’s relatable for everyone.