1.4 Million new Phishing Websites are Created Every Month
A new threat report details how many phishing sites are being created and who they’re impersonating.
There are nearly 1.4 million phishing websites created every month, according to the Webroot Quarterly Threat Trends Report (reported on by Dark Reading). This is a substantial increase from the threat report issued last December, which saw 13,000 new phishing sites per day. That extrapolates to 390,000 per month. Nearly a 1,000,000 site increase.
What’s interesting is that these phishing sites tend to stay active for just a few hours, with most averaging between 4-8 hours of activity. The reason for this is to avoid detection by browser filters. Think about it, if the site has been equipped with an SSL certificate and is only briefly active, it will look legitimate by virtue of the “Secure” indicator in the address bar. This means max efficiency. It’s a brilliant move.
Who is Being Impersonated?
As for the companies that are getting impersonated, over one-third of all phishing sites being created are pretending to be Google, with Chase and Dropbox a ways behind. From there it’s the regular crowd, Facebook, Apple, PayPal, Yahoo, Wells Fargo.
Company | Phish Share |
35% | |
Chase | 15% |
Dropbox | 13% |
PayPal | 10% |
7% | |
Apple | 6% |
Yahoo | 4% |
Wells Fargo | 4% |
Citi | 3% |
Adobe | 3% |
What can I do to avoid phishing scams?
Phishing is a legitimate problem online, we’ve written extensively on how to spot a fake website, but here are a few pointers if you don’t have ten minutes to read the whole article:
- Always inspect the URL, pay specific attention to the domain name.
- Check whether the website has encryption, if it doesn’t say “Secure” in the address bar, don’t trust it.
- Just because it does say secure, doesn’t mean it’s automatically safe.
- Don’t follow links contained in emails, if a company is asking you to take an action contact customer service.
- Just pay attention, if it smells phishy, tread lightly. Trust your instincts.
What we Hashed Out (for Skimmers)
Here’s what we covered in today’s discussion:
- There has been a precipitous increase in phishing in just the last nine months.
- Almost 1.4 million phishing sites are created each months.
- The average phishing site is active for between 4-8 hours to avoid detection.
Hi There! loved this post and created an image for my social platforms based on your data: https://www.liveconsulting.com/hubfs/phishing%20stat.jpg
Please feel free to use this in the article if you like!
– Lauren
Hi There! loved this post and created an image for my social platforms based on your data: https://www.liveconsulting.com/hubfs/phishing%20stat.jpg
Please feel free to use this in the article if you like!
– Lauren
As a regular internet user, I have encountered phishing sites that clone Google forums and Paypal trying to trick me. They will copy how the website look but if you will look closely you can spot the difference in domain name.
Can any one help me to verify my website https://www.mjobrr.com is effected with fishing attack?
and How to prevent my website from fishing attack.
[…] adding a “secure” label in the address bar despite the site’s nefarious nature. Phishing has never been more rampant. Now it seems that Google has gotten enough buy-in to remove the indicator, which should help deal […]