A new threat report details how many phishing sites are being created and who they’re impersonating.
There are nearly 1.4 million phishing websites created every month, according to the Webroot Quarterly Threat Trends Report (reported on by Dark Reading). This is a substantial increase from the threat report issued last December, which saw 13,000 new phishing sites per day. That extrapolates to 390,000 per month, so the new figure is an increase of nearly 1,000,000 sites.
What’s interesting is that these phishing sites tend to stay active for just a few hours, with most averaging between 4 and 8 hours of activity. The reason for this is to avoid detection by browser filters. Think about it: if the site has been equipped with an SSL certificate and is only briefly active, it will look legitimate by virtue of the “Secure” indicator in the address bar. This means max efficiency. It’s a brilliant move.
Who is Being Impersonated?
As for the companies that are getting impersonated, over one-third of all phishing sites being created are pretending to be Google, with Chase and Dropbox a ways behind. From there it’s the regular crowd: Facebook, Apple, PayPal, Yahoo and Wells Fargo.
What can I do to avoid phishing scams?
Phishing is a legitimate problem online. We’ve written extensively on how to spot a fake website, but here are a few pointers if you don’t have ten minutes to read the whole article:
- Always inspect the URL, and pay specific attention to the domain name.
- Check whether the website has encryption. If it doesn’t say “Secure” in the address bar, don’t trust it.
- Just because it does say “Secure” doesn’t mean it’s automatically safe. The indicator only tells you the connection is encrypted, not who is running the site.
- Don’t follow links contained in emails. If a company is asking you to take an action, contact customer service.
- Just pay attention. If it smells phishy, tread lightly. Trust your instincts.
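The URL checks from the list above, written out as an added example (not code from the original article or from the Webroot report). It judges a link by its hostname and scheme rather than by how the page looks. The brand-to-domain mapping, the warning names and the sample URLs are constructed assumptions.

```python
from urllib.parse import urlsplit

# Brands named in the article, mapped to the domain each one uses.
# The mapping is an assumption of this example, not data from the report.
BRAND_DOMAINS = {
    "google": "google.com",
    "chase": "chase.com",
    "dropbox": "dropbox.com",
    "paypal": "paypal.com",
}

def check_url(url):
    """Return a list of warnings for a link; an empty list means no red flag was found."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    warnings = []
    # "Check whether the website has encryption."
    if parts.scheme != "https":
        warnings.append("no-encryption")
    # Text before "@" is login info, not the site: https://brand.com@other.example/
    if parts.username is not None:
        warnings.append("userinfo-before-host")
    # Encoded international labels can render as look-alike characters.
    if any(label.startswith("xn--") for label in host.split(".")):
        warnings.append("punycode-label")
    # "Pay specific attention to the domain name": a brand name anywhere in the
    # link counts for nothing unless the host is the brand's domain or a subdomain.
    # The substring match is deliberately coarse and can over-warn.
    for brand, domain in BRAND_DOMAINS.items():
        official = host == domain or host.endswith("." + domain)
        if brand in url.lower() and not official:
            warnings.append(f"mentions-{brand}-but-not-{domain}")
    return warnings

if __name__ == "__main__":
    # Constructed sample links using the reserved .example TLD.
    for sample in (
        "https://accounts.google.com/signin",
        "https://google.com.account-verify.example/signin",
        "https://dropbox.com@files.example/login",
        "http://www.chase.com/",
    ):
        print(sample, check_url(sample))
```

The second sample is served over HTTPS and would show “Secure”, yet the hostname ends in a domain that has nothing to do with Google.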
What we Hashed Out (for Skimmers)
Here’s what we covered in today’s discussion:
- There has been a precipitous increase in phishing in just the last nine months.
- Almost 1.4 million phishing sites are created each month.
- The average phishing site is active for between 4 and 8 hours to avoid detection.