A scattershot approach is a thing of the past – cybercriminals are getting cleverer with their phishing attacks, as a study by security provider Webroot indicates.
Now e-mails tailored specifically to users – with the help of data from social media such as Facebook – and with highly complex malware are being used. Hackers play on fears to get recipients to click on the links in these spam e-mails, such as by threatening to close online accounts, according to Webroot.
In the first half of 2017, says Webroot , an average of 1.385 million individual phishing websites were created every month – 46,000 a day. The peak was reached in May of this year with 2.3 million new phishing websites. It was caused by the Wanna Cry attack that many cybercriminals took advantage of for themselves, says the security expert.
Most phishing pages are only active for a few hours, says Webroot. This makes them almost impossible to identify and block using URL lists. Not even lists with hourly updates can keep up with the continuously rising number of new phishing pages, the security expert points out.
The number of companies whose websites are copied remains fairly small, according to this same study. Cybercriminals are particularly fond of Google, apparently. Among the ten websites most commonly copied for phishing purposes are Google, Dropbox, Paypal, Facebook and Apple. Google is by far the most popular in this unhappy Top Ten, accounting for 35 percent of incidents.