Cybercriminals are now creating record numbers of phishing sites and are using those sites to steal login and email credentials and credit card information.
The malicious websites can be convincing. Images are taken from legitimate websites to make the webpages appear genuine. Sites perform complementary – but fake – virus and malware scans and convince visitors that their computers have been infected, and new scams are constantly being created to convince visitors to part with sensitive information or download malware.
Antivirus companies and web filtering service providers are quick to identify new phishing sites. New malicious sites are rapidly added to blacklists enabling the sites to be blocked. Individuals and companies protected by solutions to neutralize web-borne threats remain protected, albeit with some lag between the creation of a new site or phishing webpage and its addition to a phishing blacklist.
Cybercriminals are well aware that the lifespan of a phishing website is relatively short. In response, they are generating hundreds of thousands of new phishing websites and webpages every day. Research has shown that the average lifespan of a phishing website is now only about 24 hours, although many sites exist for less than 15 hours. In years gone by, phishing websites would stay active for weeks or even months.
With such a short lifespan, cybercriminals have been forced to create even more phishing websites. According to Webroot’s Quarterly Threat Trends report, more than 400,000 new phishing webpages are now being created every single day.
New domains are being registered, although the majority of these phishing webpages are located in otherwise benign domains. Single URLs are loaded onto legitimate sites that hackers have managed to compromise. Even when a webpage has been previously checked by an anti-phishing solution, it must be checked again the next time it is visited as, during the intervening time, the site may have been compromised and the webpage altered and used for phishing or malware delivery.
Many anti-phishing solutions solely rely on the use of blacklists, yet these are unlikely to be able to keep up with the rapid creation of phishing webpages. While they appear to offer excellent protection against web-borne threats, they may in fact be leaving users open to attack.
To neutralize the threat of phishing, organizations should ensure that not only are antivirus and antimalware solutions used, but also an advanced web filtering solution. That solution should use blacklists along with other anti-malware and anti-phishing controls.
The content of each page should be accessed and checked rather than relying on the URL or domain being present in a blacklist. Organizations should have the option of blocking websites by category to reduce risk as well as keyword terms. The solution should also allow safe search integration with the major search engines. It is also now essential for any web filtering solution to be able to inspect HTTPS sites. Phishers and hackers have been known to forge SSLS and even HTTPS sites are not necessary secure.
Phishing is highly effective and its use has grown in recent years and it will continue for many years to come. Since cybercriminals are now creating even larger numbers of phishing sites, organizations must implement even more controls to counter the threat. Failure to do so could prove very costly.