1.4 Million new Phishing Websites are Created Every Month
A new threat report details how many phishing sites are being created and who they’re impersonating.
There are nearly 1.4 million phishing websites created every month, according to the Webroot Quarterly Threat Trends Report (reported on by Dark Reading). This is a substantial increase from the threat report issued last December, which saw 13,000 new phishing sites per day. That extrapolates to 390,000 per month. Nearly a 1,000,000 site increase.
What’s interesting is that these phishing sites tend to stay active for just a few hours, with most averaging between 4-8 hours of activity. The reason for this is to avoid detection by browser filters. Think about it, if the site has been equipped with an SSL certificate and is only briefly active, it will look legitimate by virtue of the “Secure” indicator in the address bar. This means max efficiency. It’s a brilliant move.
Who is Being Impersonated?
As for the companies that are getting impersonated, over one-third of all phishing sites being created are pretending to be Google, with Chase and Dropbox a ways behind. From there it’s the regular crowd, Facebook, Apple, PayPal, Yahoo, Wells Fargo.
Company | Phish Share |
35% | |
Chase | 15% |
Dropbox | 13% |
PayPal | 10% |
7% | |
Apple | 6% |
Yahoo | 4% |
Wells Fargo | 4% |
Citi | 3% |
Adobe | 3% |
What can I do to avoid phishing scams?
Phishing is a legitimate problem online, we’ve written extensively on how to spot a fake website, but here are a few pointers if you don’t have ten minutes to read the whole article:
- Always inspect the URL, pay specific attention to the domain name.
- Check whether the website has encryption, if it doesn’t say “Secure” in the address bar, don’t trust it.
- Just because it does say secure, doesn’t mean it’s automatically safe.
- Don’t follow links contained in emails, if a company is asking you to take an action contact customer service.
- Just pay attention, if it smells phishy, tread lightly. Trust your instincts.
What we Hashed Out (for Skimmers)
Here’s what we covered in today’s discussion:
- There has been a precipitous increase in phishing in just the last nine months.
- Almost 1.4 million phishing sites are created each months.
- The average phishing site is active for between 4-8 hours to avoid detection.
5 Ways to Determine if a Website is Fake, Fraudulent, or a Scam – 2018
in Hashing Out Cyber SecurityHow to Fix ‘ERR_SSL_PROTOCOL_ERROR’ on Google Chrome
in Everything EncryptionRe-Hashed: How to Fix SSL Connection Errors on Android Phones
in Everything EncryptionCloud Security: 5 Serious Emerging Cloud Computing Threats to Avoid
in ssl certificatesThis is what happens when your SSL certificate expires
in Everything EncryptionRe-Hashed: Troubleshoot Firefox’s “Performing TLS Handshake” Message
in Hashing Out Cyber SecurityReport it Right: AMCA got hacked – Not Quest and LabCorp
in Hashing Out Cyber SecurityRe-Hashed: How to clear HSTS settings in Chrome and Firefox
in Everything EncryptionRe-Hashed: The Difference Between SHA-1, SHA-2 and SHA-256 Hash Algorithms
in Everything EncryptionThe Difference Between Root Certificates and Intermediate Certificates
in Everything EncryptionThe difference between Encryption, Hashing and Salting
in Everything EncryptionRe-Hashed: How To Disable Firefox Insecure Password Warnings
in Hashing Out Cyber SecurityCipher Suites: Ciphers, Algorithms and Negotiating Security Settings
in Everything EncryptionThe Ultimate Hacker Movies List for December 2020
in Hashing Out Cyber Security Monthly DigestAnatomy of a Scam: Work from home for Amazon
in Hashing Out Cyber SecurityThe Top 9 Cyber Security Threats That Will Ruin Your Day
in Hashing Out Cyber SecurityHow strong is 256-bit Encryption?
in Everything EncryptionRe-Hashed: How to Trust Manually Installed Root Certificates in iOS 10.3
in Everything EncryptionHow to View SSL Certificate Details in Chrome 56
in Industry LowdownPayPal Phishing Certificates Far More Prevalent Than Previously Thought
in Industry Lowdown