What’s Behind the Surge in Phishing Sites? Three Theories

By | Managed Services News

Apr 21

Installing up-to-date antivirus software is an essential first step in protecting yourself from phishing attacks.

One of the most notable findings to come from the Webroot 2020 Threat Report is the significant rise in the number of active phishing sites over 2019—a 640% rise, to be exact. This reflects a year-over-year rise in active phishing sites, but it’s important to keep this (dangerous) threat in context.

“Of all websites that host malicious content, phishing historically has been a minority,” says Webroot Security Analyst Tyler Moffitt. “While it’s growing quite a bit and a significant threat, it’s still not a large percentage of the websites being used for malicious content. Those would be things like botnets or malware hosting.”

This traditional low instance rate is likely one explanation—or at least a portion of an explanation—that’s led to such a gaudy increase in the number of active phishing sites.

Here are three other factors that may have contributed to the rise in phishing sites.

  1. Diversification of Attacks

Since first being described in a 1987 paper, phishing attacks have diversified considerably. While “phishing” was once reliably email-based with a broad scope, it now entails malware phishing, clone phishing, spear phishing, smishing and many more specialized forms. Inevitably, these strains of attack require landing pages and form fields for users to input the information to be stolen, helping to fuel the rise in active phishing sites.

Spear phishing—a highly targeted form of phishing where cyber criminals must study their subjects to craft more a realistic lure—has turned out to be a lucrative sub-technique. This has likely contributed to more cybercriminals adopting the technique over mass-target emails pointing to a single source. More on profitability later.

  1. Opportunism

After years of studying phishing data, it’s clear that the number of active phishing sites rises predictably during certain times of the year. Large online shopping holidays like Prime Day and Cyber Monday inevitably precipitate a spike in phishing attacks. In another example, webpages spoofing Apple quadrupled near the company’s March product release date, then leveled off.

Uncertainty also tends to fuel a rise in phishing sites.

“Not only do we always see a spike in phishing attacks around the holidays,” says Moffitt, “it also always happens in times of crisis. Throughout the COVID-19 outbreak we’ve followed a spike in phishing attacks in Italy and smishing scams promising to deliver your stimulus check if you click. Natural disasters also tend to bring these types of attacks out of the woodwork.”

The year 2019 was not without its wildfires, cyclones and typhoons, but it would be safe to suspect the number of phishing sites will grow again next year.

Short codes and HTTPs represent more phishing opportunities for cyber criminals. Malicious content is now often hosted on good domains (up to a quarter of the time, according to our Threat Report). Short codes also have the unintended consequence of masking

About the Author

>