Security

Wanna Cry: Hackers create almost 50,000 new phishing pages a day

Hackers create almost 50,000 phishing pages a day in the web, making it hard to detect them with URL lists. The attacks themselves are getting cleverer all the time, security experts warn.

28 Sep. 2017 Source: t3n Jörn Brien

Phishing attacks getting cleverer

Source: Webroot
The 10 most common websites copied for phishing. (Illustration: Webroot)

A scattershot approach is a thing of the past – cybercriminals are getting cleverer with their phishing attacks, as a study by security provider Webroot indicates.

Now e-mails tailored specifically to users – with the help of data from social media such as Facebook – and with highly complex malware are being used. Hackers play on fears to get recipients to click on the links in these spam e-mails, such as by threatening to close online accounts, according to Webroot.

In the first half of 2017, says Webroot , an average of 1.385 million individual phishing websites were created every month – 46,000 a day. The peak was reached in May of this year with 2.3 million new phishing websites. It was caused by the Wanna Cry attack that many cybercriminals took advantage of for themselves, says the security expert.

Phishing: Large number of short-lived websites

Most phishing pages are only active for a few hours, says Webroot. This makes them almost impossible to identify and block using URL lists. Not even lists with hourly updates can keep up with the continuously rising number of new phishing pages, the security expert points out.

The number of companies whose websites are copied remains fairly small, according to this same study. Cybercriminals are particularly fond of Google, apparently. Among the ten websites most commonly copied for phishing purposes are Google, Dropbox, Paypal, Facebook and Apple. Google is by far the most popular in this unhappy Top Ten, accounting for 35 percent of incidents.

Security CEBIT RSS Feed