Phishing Site Study Reveals Why These Cyber-Scams Pervade the Web

1 of 9

Phishing Site Study Reveals Why These Cyber-Scams Pervade the Web

Phishing is a security problem for organizations worldwide, according to a report from security firm PhishLabs. The company released its "2017 Phishing Trends and Intelligence Report" Feb. 7, providing insight into the evolving phishing landscape. A major security threat, Phishing is the practice of using a variety of deceitful "social engineering" approaches to con people—particularly corporate employees—into revealing passwords, financial data or sensitive personal information. PhishLabs R.A.I.D. (Research, Analysis and Intelligence Division) analyzed about 1 million confirmed phishing sites in 2016. The report found that 91 percent of phishing attacks targeted five industry verticals: financial institutions, cloud storage, webmail, payment services and ecommerce companies. Across those industries, phishing attack volume grew an average of 33 percent in 2016.

2 of 9

Financial Institutions Are the Most Targeted

Financial institutions again were the top target of phishing attacks in 2016, although the overall share has declined in recent years.

3 of 9

More Phishing Attacks Hit Cloud Storage

PhishLabs expects cloud storage will surpass financial institutions as the top attack target in 2017.

4 of 9

2016 Phishing Volume Spiked Mid-Year

PhishLabs found that phishing volume in 2016 spiked in the middle of the year, bucking the trend of attacks surging at the end of the year during the holiday season. PhishLabs attributes the mid-year phishing spike to attacks related to Brexit (the British exit from the European Union) as well as a surge in virtual web-server compromises.

5 of 9

Virtual Server Attacks Accelerate Phishing Risks

PhishLabs reported more than 300 virtual web-server compromises in 2016, impacting 14,000 domains. A single virtual web server can act as host for many different domains, providing a potential launching point for phishing attacks.

6 of 9

Phishing Attacks Use Different Top-Level Domains

The most commonly used top-level domain for phishing attacks observed by PhishLabs in 2016 was dot com, at 51 percent.

7 of 9

The U.S is the Top Target

Phishing is a global problem that impacts countries worldwide, but the United States remains the top target, seeing 81 percent of attacks in 2016.

8 of 9

There Are Plenty of Phishing Sites in the U.S.

While phishing sites can be hosted anywhere in the world, 59 percent were located in the United States during 2016.

9 of 9

More Software Vulnerabilities Disclosed in 2016 Than Ever Before

The total number of disclosed vulnerabilities set a new record in 2016, according to a report released Feb. 6 by Risk Based Security. The 2016 Year End Vulnerability QuickView Report provides insight from Risk Based Security's VulnDB vulnerability intelligence platform. According to the report, there were 15,000 vulnerabilities reported by VulnDB in 2016, setting a new all-time record. Not only is the number of vulnerabilities increasing but so too is the severity of the reported flaws. The Common Vulnerabilities Scoring System (CVSS) is an industry standard for measuring the risk severity of a security flaws, with a higher number implying a higher impact. For 2016, 21.3 percent of reported vulnerabilities received CVSS scores between 9.0 and 10.0. Vulnerabilities are reported in a variety of ways, though in 2016, more flaws were reported through bug bounty programs, than by vendors working...
Top White Papers and Webcasts