What’s Behind the Surge in Phishing Sites? Three Theories

Installing up-to-date antivirus software is an essential first step in protecting yourself from phishing attacks.

Webroot Guest Blogger

April 21, 2020


One of the most notable findings to come from the Webroot 2020 Threat Report is the significant rise in the number of active phishing sites over 2019—a 640% rise, to be exact. This reflects a year-over-year rise in active phishing sites, but it’s important to keep this (dangerous) threat in context.

“Of all websites that host malicious content, phishing historically has been a minority,” says Webroot Security Analyst Tyler Moffitt. “While it’s growing quite a bit and a significant threat, it’s still not a large percentage of the websites being used for malicious content. Those would be things like botnets or malware hosting.”

This traditionally low incidence is likely one explanation, or at least part of one, for such a gaudy percentage increase in the number of active phishing sites.

Here are three other factors that may have contributed to the rise in phishing sites.

  1. Diversification of Attacks

Since first being described in a 1987 paper, phishing attacks have diversified considerably. While “phishing” was once reliably email-based with a broad scope, it now entails malware phishing, clone phishing, spear phishing, smishing and many more specialized forms. Inevitably, these strains of attack require landing pages and form fields for users to input the information to be stolen, helping to fuel the rise in active phishing sites.

Spear phishing—a highly targeted form of phishing where cyber criminals must study their subjects to craft a more realistic lure—has turned out to be a lucrative sub-technique. This has likely contributed to more cybercriminals adopting the technique over mass-target emails pointing to a single source. More on profitability later.

  2. Opportunism

After years of studying phishing data, it’s clear that the number of active phishing sites rises predictably during certain times of the year. Large online shopping holidays like Prime Day and Cyber Monday inevitably precipitate a spike in phishing attacks. In another example, webpages spoofing Apple quadrupled near the company’s March product release date, then leveled off.

Uncertainty also tends to fuel a rise in phishing sites.

“Not only do we always see a spike in phishing attacks around the holidays,” says Moffitt, “it also always happens in times of crisis. Throughout the COVID-19 outbreak we’ve followed a spike in phishing attacks in Italy and smishing scams promising to deliver your stimulus check if you click. Natural disasters also tend to bring these types of attacks out of the woodwork.”

The year 2019 was not without its wildfires, cyclones and typhoons, but it would be safe to suspect the number of phishing sites will grow again next year.

Short codes and HTTPS represent more phishing opportunities for cyber criminals. Malicious content is now often hosted on good domains (up to a quarter of the time, according to our Threat Report). Short codes also have the unintended consequence of masking a link’s destination URL. Both these phenomena make it more difficult to identify a phishing attack.

“All of a sudden these mental checks that everyone was told to use to sniff out phishing attacks, like double-checking URLs, no longer hold,” says Moffitt.

  3. Profitability

Let’s face it, this is the big one. The rise in popularity of shared drives makes it more likely that any single phishing success will yield troves of valuable data. Compromising a corporate Dropbox account could easily warrant a six-figure ransom, or more, given the looming threat of GDPR and CCPA compliance violations.

“A few years ago, most of the targets were financial targets like PayPal and Chase,” according to Moffitt. “But now they are tech targets–sites like Facebook, Google, Microsoft and Apple–because shared drives offer a better return on investment.”

Even for private individuals, shared drives are more bang for the buck. Credentials that can easily lead to identity theft can be sold on the dark web and, given the rampant rates of password re-use in the United States, can be cross-checked against other sites until the compromise spirals.

Finally, phishing is profitable as an initial entry point. Once a cybercriminal has accessed a business email account, for instance, he or she is able to case the joint until the most valuable next move has been determined.

“It’s a really lucrative first step,” says Moffitt.

Don’t Take the Bait

Installing up-to-date antivirus software is an essential first step in protecting yourself from phishing attacks. Features like Webroot’s Real-Time Anti-Phishing Shield can help stop these attacks before users have the chance to fall for them. Continual education is equally important. Webroot data shows that ongoing phishing simulations can lower click-through rates significantly.

This guest blog is part of a Channel Futures sponsorship.
