Home > Cyber News > 21% of All Phishing Attempts Impersonate Google, Research Shows

21% of All Phishing Attempts Impersonate Google, Research Shows


Phishing continued to be one of the major online threats throughout 2016. Webroot statistics show that 84% of phishing sites were online for less than 24 hours, which makes their average life cycle less than 15 hours. These numbers show that phishing has become more sophisticated, and such websites are crafted quickly and carefully, successfully obtaining sensitive details from people and organizations.

Hal Lonas, Webroot’s CTO, says that their data shows that a phishing site can last for as little as 15 minutes, adding that:

In years past, these sites could endure for several weeks or months, giving organizations plenty of time to block the method of attack and prevent more victims from falling prey. Now, phishing sites appear and disappear in the span of a coffee break, leaving every organization, no matter its size, at an immediate and serious risk from phishing attacks.

Phishing Continues to Evolve

2016 has seen a serious uptick in phishing attempts, with 400,000 sites observed each month. The intensity of these attacks also shows that counter measures tactics need to change. The use of static or crowdsourced blacklists of bad domains and URLs is no longer efficient, as the average life of a phishing site is decreasing constantly.

Related: Fake PayPal Pages Part of Financial Phishing Scams Increase

As mentioned in the beginning, 84% of phishing sites only last a day. Furthermore, statistics show that the employment of dedicated domains for phishing has disappeared. Thus, users should check URLs each time they are requested. A page that was safe seconds ago may now be compromised.

Google, PayPal, Yahoo and Apple Targets of Phishing Attacks

Well-known and widely-spread services are often leveraged. Webroot even established that Google is the company with the largest negative impact of an impersonation. These are outlined as high-risk organizations, with 21% of all phishing sites in the period January-September 2016 impersonating Google.

On top of everything, cybercriminals are restless when it comes to developing new tactics and attack vectors, and phishing is not an exception. Sensitive information is highly desirable, and the shift towards “malicious-software and-activities-as-a-service” only makes things worse. To no one’s surprise, phishing has also shifted to “phishing-as-a-service”.

Related: Vishing, Smishing, and Phishing Scams Are After Your Information and Money

Another report, issued by Imperva’s Hacker Intelligence Initiative shows in detail how a phishing-as-a-service store on the Russian black market offers a “complete solution for the beginner scammer”. Anyone can easily buy databases of emails, templates of phishing scams, and a back-end database to store stolen credentials.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim

More Posts

Follow Me:

Leave a Comment

Your email address will not be published. Required fields are marked *

This website uses cookies to improve user experience. By using our website you consent to all cookies in accordance with our Privacy Policy.
I Agree