46,000 new phishing sites are created every day

An average of 1.385 million new, unique phishing sites are created each month, with a high of 2.3 million sites created in May. The data collected by Webroot shows today’s phishing attacks are highly targeted, sophisticated, hard to detect, and difficult for users to avoid. The latest phishing sites employ realistic web pages that are hard to find using web crawlers, and they trick victims into providing personal and business information.

new phishing sites

Unique phishing URLs per month

Phishing attacks have grown at an unprecedented rate in 2017

Phishing continues to be one of the most common, widespread security threats faced by both businesses and consumers. Phishing is the number 1 cause of breaches in the world, with an average of more than 46,000 new phishing sites created per day. The sheer volume of new sites makes phishing attacks difficult to defend against for businesses.

Today’s phishing attacks continue to be short-lived

The first half of 2017 highlights the continuing trend of very short-lived phishing sites, with the majority being online and active for only 4 to 8 hours. These short-lived sites are designed to evade detection by traditional anti-phishing strategies, such as block lists. Even if the lists are updated hourly, they are generally 3–5 days out of date by the time they’re made available, by which time the sites in question may have already victimized users and disappeared.

Attacks are increasingly sophisticated and more adept at fooling the victim

In the past, phishing attacks randomly targeted as many people as possible, with the hope that a substantial amount would open an infected attachment or visit a malicious web page. Today’s phishing is more sophisticated. Hackers do their research and utilize social engineering to uncover relevant personal information for individualized attacks. Phishing sites also hide behind benign domains and obfuscate true URLs, carrying more malignant payloads, and fooling users with realistic impersonated websites.

Mix of companies impersonated continues to evolve

Zero-day websites used for phishing may number in the millions each month, yet they tend to impersonate a small number of companies. Webroot categorized URLs by the type of website being impersonated and found that financial institutions and technology companies are the most phished categories. The top 10 companies being impersonated throughout the first six months of 2017 are:

  • Google – 35%
  • Chase – 15%
  • Dropbox – 13%
  • PayPal – 10%
  • Facebook – 7%
  • Apple – 6%
  • Yahoo – 4%
  • Wells Fargo – 4%
  • Citi – 3%
  • Adobe – 3%