Last January, there were more than 246,000 active phishing sites. It’s an absolute record, but that’s not all!
You will also be interested
[EN VIDÉO] What is a cyberattack? With the development of the Internet and the cloud, cyber attacks are more and more frequent and sophisticated. Who is behind these attacks and for what purpose? What are the methods of hackers and what are the most massive cyber attacks?
245,771 is the number of sites used for phishing, that is to say the recovery of identifiers. This is a record, and it was set as early as January of this year according to a report emanating fromAnti-Phishing Working Group (APWG). The APWG brings together more than 2,200 organizations from the cybersecurity sector, government organizations, NGOs, police institutions and large high-tech companies (Microsoft, Facebook, PayPal, Cloudflare, Cisco, Salesforce, Eset, McAfee, Avast, Symantec, Trend Micro…).
At the end of this absolute record in January, the figure fell, according to the APWG, below the 200,000 mark in February to rise again above this level in March. Globally, cybercriminals mainly rely on the banking sector to carry out their trapped pages. Then these are the social networks who are targeted in order to collect account identifiers and resell their content.
HTTPS is not a guarantee of honesty
On the security side, it appears that approximately 83% of all phishing benefited from http instead of the version secured by encryption https. It is a telltale sign of a deficiency security that banks could not afford, for example. On the other hand, electronic certificates (TLS) that are used to authenticate sites were nearly 95% valid for the first quarter of this year. This is certainly the lowest level for granting credit to a site, but it can be enough to fool the victims. The APWG also notes that scams by compromise e-mails (BEC) increase considerably. BECs are these e-mails that seem to come from a high-level manager and encourage them to make substantial bank transfers. We also speak of “scams against the president”.
This method can make it possible to reach a value of $ 85,000 in one go, against $ 48,000 in the third quarter of 2020. Finally, it should be noted that Namecheap is the registrar of domain names the most exploited even if it is losing ground, going from 46.3 to 32% of shares for malicious domain names. In the end, in 2021 as in 2020, the crooks operate the same strings and it still works.
Interested in what you just read?