Factors including opportunity and diversity figure into the rise in phishing.
One notable finding from Carbonite partner Webroot’s 2020 Threat Report was a 640% rise in the number of active phishing sites in 2019. This rise in phishing may still represent a small fraction of all malicious sites, but it’s a significant and growing fraction.
“Of all websites that host malicious content, phishing historically has been a minority,” says Webroot Security Analyst Tyler Moffitt. “While it’s growing quite a bit and a significant threat, it’s still not a large percentage of the websites being used for malicious content. Those would be things like botnets or malware hosting.”
Even small growth for a tactic that has traditionally made up a small portion of overall malicious sites can seem like a large percentage, which may be part of the explanation for the rise in phishing we are seeing.
But there are at least three other factors that may have contributed to the rise in active sites.
Phishing attacks are becoming more diverse. The aim is always to steal credentials by posing as an authorized individual, but it’s now carried out by phone, by text message, with malware, and in much more targeted forms, where cybercriminals will actually go to the trouble of learning a little about their targets before reaching out.
Spear phishing, the name for this targeted form of phishing, has turned out to be lucrative for those who carry it out. These tailored attacks require more individualized web pages than the broad-brush attacks that preceded them, further fueling the rise.
There are predictable patterns when it comes to phishing attacks. Online shopping seasons and “cyber holidays” are almost always accompanied by more phishing attacks. Webpages spoofing Apple, for example, rose four-fold around the company’s March product release date before returning to their normal volume.
And cybercriminals, of course, aren’t above capitalizing on a panic.
“Not only do we always see a spike in phishing attacks around the holidays,” says Moffitt, “it also always happens in times of crisis. Throughout the COVID-19 outbreak, we’ve followed a spike in phishing attacks in Italy and smishing scams promising to deliver your stimulus check if you click. Natural disasters also tend to bring these types of attacks out of the woodwork.”
This means that, while there were plenty of opportunities for malicious hackers in 2019, don’t be surprised to see an overall rise in 2020, as well.
Short codes and HTTPS also make it easier to land a successful phishing attack. Short codes obscure destination URLs, and inspecting the destination URL is one of the recommended ways to check if a link is legit. And HTTPS encryption makes it easier to hide malicious content on benign domains, which may prompt a site visitor to let their guard down.
“All of a sudden these mental checks that everyone was told to use to sniff out phishing attacks, like double-checking URLs, no longer hold,” says Moffitt.
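The point about short codes and HTTPS can be turned into a link-triage check that judges the landing page rather than the visible link. This is an added example, not code from Webroot or the original article; the shortener list, the brand map, the function names and the `.example` URLs are all constructed assumptions.

```python
from urllib.parse import urlsplit

# Assumptions for this sketch: a small shortener list and brand map, constructed here.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}
BRANDS = {"apple": {"apple.com", "icloud.com"}}


def registrable(host):
    """Approximate the registrable domain as the last two labels.
    Real tooling should consult the Public Suffix List instead."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def triage_link(visible_url, redirect_chain=()):
    """Return a list of findings for a link.

    redirect_chain holds the hops already resolved in a sandbox, in order;
    the last hop is the page the user would actually land on.
    """
    findings = []
    first = urlsplit(visible_url)
    final = urlsplit(redirect_chain[-1] if redirect_chain else visible_url)
    first_host = (first.hostname or "").lower()
    final_host = (final.hostname or "").lower()

    # A shortener hides the destination, so the visible URL proves nothing.
    if registrable(first_host) in SHORTENERS:
        if not redirect_chain:
            findings.append("shortened link: destination unknown until resolved")
        else:
            findings.append("shortened link: resolved to " + final_host)

    # A brand name in the landing URL on a domain the brand does not own.
    # Plain substring match, so expect some false positives.
    haystack = (final_host + final.path).lower()
    for brand, owned in BRANDS.items():
        if brand in haystack and registrable(final_host) not in owned:
            findings.append(f"'{brand}' appears on unrelated domain {registrable(final_host)}")

    # HTTPS only means the connection is encrypted; it never counts as a good sign.
    if final.scheme != "https":
        findings.append("landing page is not served over HTTPS")
    return findings
```

Note that a valid HTTPS landing page produces no positive signal here: its absence is flagged, but its presence clears nothing.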
Not surprisingly, profit is the essential motivator for the rise in phishing attacks. Shared drives help to drive profitability by acting as a stepping-stone to further data compromise. A single corporate Google Drive account may house enough valuable information to warrant a six-figure ransom, especially when fines for not