One notable finding from the 2020 Webroot™ Threat Report was a 640% rise in the number of active phishing sites in 2019. This surge may still represent a small fraction of all malicious sites, but it’s a significant and growing fraction.
“Of all websites that host malicious content, phishing historically has been a minority,” says Webroot Security Analyst Tyler Moffitt. “While it’s growing quite a bit and a significant threat, it’s still not a large percentage of the websites being used for malicious content. Those would be things like botnets or malware hosting.”
Even small growth for a tactic that has traditionally made up some a small portion of overall malicious can seem like a large percentage, which may be part of the explanation for the rise in active phishing sites.
But there are at least three other factors that may have contributed to the rise.
More types of phishing attacks
Phishing attacks are becoming more diverse. The aim is always to steal credentials by posing as an authorized individual, but it's now be carried out over the phone, text messages, with malware, and in much more targeted forms—where cybercriminals will actually go through the trouble of learning a little about their targets before reaching out.
Spear phishing, the name for this targeted for of phishing, has turned out to be a lucrative for those who carry it out. These tailored attacks require more individualized web pages than the broad-brush attacks that preceded them, further fueling the rise.
Learn 5 Ways to Avoid a Phishing Attack
Striking while the iron is hot
There are predictable patterns when it comes to phishing attacks. Online shopping seasons and “cyber holidays” are almost always accompanied by more phishing attacks. Webpages spoofing Apple, for example, rose four-fold around the company’s March product release date before returning to their normal volume.
And cybercriminals of course aren’t above capitalizing on a panic.
“Not only do we always see a spike in phishing attacks around the holidays,” says Moffitt, “It also always happens in times of crisis. Throughout the COVID-19 outbreak we’ve followed a spike in phishing attacks in Italy and smishing scams promising to deliver your stimulus check if you click. Natural disasters also tend to bring these types of attacks out of the woodwork.”
This means that, while there were plenty of opportunities for malicious hackers in 2019, don’t be surprised to see an overall rise in 2020 as well.
Short codes and HTTPS also make it easier to land a successful phishing attack. Short codes obscure destination URLs, one of the recommended ways to check if a link is legit. And HTTPS encryption protocols make it easier to hide malicious content on benign domains, which may prompt a site visitor to let their guard down.
"All of sudden these mental checks that everyone was told to use to sniff out phishing attacks, like double-checking URLs, no longer hold," says Moffitt.
It’s a money maker
Not surprisingly, profit is the essential motivator for the rise in phishing attacks. Shared drives help to drive profitability by acting a stepping-stone to further data compromise. A single corporate Google Drive account house enough valuable information to warrant a six-figure ransom, especially when fines for not properly protecting customers’ data privacy are factored in.
“A few years ago, most of the targets were financial targets like PayPal and Chase," according to Moffitt. "But now they are tech targets. Sites like Facebook, Google, Microsoft, and Apple. Because shared drives offer a better return on investment."
For private individuals, selling personal information that could be used to open credit cards or other forms of identity theft is most common. Cybercriminals will also cross-reference the credentials they have stolen against other popular sites to try to expand the scope of their access.
Protect your business
Unfortunately for businesses, it’s likely they will find themselves in a situation where one of their employees has been phished. Because human error is responsible for so many data breaches, up to 90 percent by some counts, it’s important to have a backup plan: a strong backup and recovery solution.
“With ransomware, if an attacker encrypts your files, you still have history snapshot files, or you can go to yesterday’s version. You have guaranteed un-encrypted versions, as long as you’ve synced all your folders.”
So, make sure you have backup and recovery accounted for, before an employee takes the bait.
Protect your data across all devices with Carbonite™ endpoint backup.
