According to the research cybercriminals create roughly 1.4 million of phishing websites every month, the hackers design fake pages of the legitimate websites lookalike and then replace them back within hours in order to remain undetected over the internet.
Hackers tend to build websites having a short lifespan, the criminals make it hard for web crawlers, bots to detect the disguised pages, it becomes even harder for crawlers to detect especially when the pages have no links to other sites.
Webroot conducted a profound research on fraudulent websites and pages during the first half of 2017 and found that 1.4 million unique phishing were being created on monthly basis, the majority of the websites tend to remain online for four hours pretending to be the legitimate banking and technology companies.
According to the statistics produced by Webroot, the first half of 2017 data shows Google was the prominent company for attackers to imitate their pages, 35% of all phishing attempts were made impersonating Google pages. On the other hand, PayPal, Facebook, DropBox, Chase were the top five disguises for generating phishing emails. Hackers pretend to be from these companies and email users which the same attire the company uses in their emails in order to trick users to click, open pages or enter personal data. Hackers also claim to be the companies like Apple, Adobe, Yahoo, Citi and Well Fargo.
The large and growing number of phishing websites underpins the evolution in methods used by attackers, previously the cybercriminals could use a single website for an entire phishing campaign, which is eventually blocked or taken down when it is discovered by internet crawlers, in order to keep potential victims away from and or clicking through it.
Now, the attackers are more sophisticated, they create a number of websites and quickly rotating and disguising their identity could keep their campaigns running for long before there are discovered fraudulent.
The research claims that 90 percent of all data breaches occur as a result of data stolen by a phishing attack.
Phishing is the most common and simple type of cyber-attack but it is the fact that it works most of the time, hackers design the Phishing emails in a way they look utterly authentic, the emails often create panic among receivers to immediately think something went wrong. A common example is from PayPal, hackers design the PayPal invoice notification exactly like the one PayPal sends to the account holders when they pay someone, if you haven’t made the transaction lately and you got the real notification they $1000 have been debited from your account and you paid such and such person would definitely create panic. And if you are hasty in your decisions you would go and login to your account from the same email rather than going to your original PayPal account or App, and when you do so you are in big trouble of losing your credentials.
Therefore, it is advised for all internet users, not to use shortcuts whenever you come across a situation like this. Always open the web pages by typing the address, or your bookmarked or saved web pages where you use your personal login credentials, rather than going to the pages by directly clicking links in the emails.
Webroot suggests Banks and Technology companies are the most targeted by attackers, hackers are mainly looking for personal and financial data from users while launching these attacks.