Dive Brief:
- Cybercriminals have created thousands of new web page links to host their phishing attacks over the last six months, according to a new report.
- The Anti-Phishing Working Group said the number of distinct website links in phishing attacks jumped by more than 150% between October 2015 and March 2016.
- Attackers are apparently creating the links as a new way to dodge traditional defenses.
Dive Insight:
Most phishing URLs are hosted on hacked websites, Luis Corrons, technical director of PandaLabs and a contributing analyst to the report, told eWEEK. Creating a new URL that leads to that legitimate-looking but hacked website is the latest trick cybercriminals are using to corral victims while staying under the radar.
"Usually, the domain used in an attack is not malicious," Corrons said. "There will be a website, and someone, somehow hacks into the site and creates a number of phishing pages inside the domain. That is why it is hard to shut down a phishing site."
Most phishing websites are quickly taken down, but keeping on top of an average of 3,000 new URLs a day poses a challenge. Cybercriminals know the numbers are in their favor, and creating huge numbers of new URLs also raises the workload for defenders.
The report also found that U.S. servers host about three-quarters of phishing sites, but users in China are the most likely to encounter malware in their email.
Anti-phishing company PhishMe recently found that the average response rate to any particular phishing email is about 20%, and people who click on one phishing email are 67% more likely than average to click on another one.
Cybercriminals make an estimated 1,425% ROI for exploit kit and ransomware schemes, according to the 2015 Trustwave Global Security Report. Those returns are enough to keep enterprising cybercriminals working nearly nonstop to improve their strategies.