46,000 phishing sites are created each day

Phishing is still the most common and widespread security threat faced by organisations and individuals, according to a report from cyber security organisation Webroot.

The company’s Quarterly Threat Trends found that phishing is the biggest cause of breaches globally and that, on average, 46,000 phishing sites are created each day.

Rapidly evolving threat

Phishing campaigns are hard to stop because there are so many of them. Webroot found that the majority of phishing websites are only active for between four and eight hours.

The sites’ short lifespan means traditional anti-phishing strategies, such as block lists, can’t detect them. Even if those lists are updated hourly, they’ll be three to five days out of date by the time they’re published.

Webroot also notes that phishing campaigns have become more sophisticated, with bogus sites looking more realistic and their fake URLs better obfuscated.

Similarly, cyber criminals have moved away from mass emails that target as many people as possible and now favour spear phishing – which are personalised messages to specific people. The report claims that criminals are able to send more spear phishing emails because they can easily gather people’s personal information on social media.

Who’s being impersonated?

Webroot found that the majority of phishing websites imitated the same handful of organisations:

  • Google: 35%
  • Chase Bank: 15%
  • Dropbox: 13%
  • PayPal: 10%
  • Facebook: 7%
  • Apple: 6%
  • Yahoo: 4%
  • Wells Fargo: 4%
  • Citi: 3%
  • Adobe: 3%

Prevent phishing in your organisation

Because phishing websites are active for such little time, it’s pointless to warn your staff about particular campaigns. Instead, you should encourage them to spot the signs of phishing campaigns and learn how to respond.

Our Phishing Staff Awareness Course helps your employees do just that. It outlines the various forms of phishing, how they work, what happens when you fall victim and how you can avoid falling victim.

For more information on phishing, take a look at our phishing infographic >>