The Steady Evolution of Phishing Attacks, According to Webroot

As many of you who regularly read our blogs or use our expert services as clients are undoubtedly aware, the term “phishing” doesn’t describe a day out on the yacht with rods and reels in an attempt to snag a tuna – it refers to a type of social engineering attack often used to steal user data, including login credentials and credit card numbers. It occurs when an attacking party, masquerading as a trusted entity, seduces a victim into opening an email, instant message or text message, and the recipient is then tricked into clicking a malicious link. This often leads to the installation of malware, the freezing of the system as part of a larger ransomware attack or the revealing of sensitive information.

Indeed, to say such an attack can have devastating results is something of a massive understatement; take it from us: everything from unauthorized purchases and the stealing of funds to identity theft can be achieved by these attackers, so it’s important to understand what you’re up against.

According to cyber-security giant Webroot and its 2020 Threat Report, phishing has evolved significantly over the past few years, with hackers learning that if they could target their victims selectively via a method known as “spear phishing,” they could increase their success rate. What’s more, the wealth of personal information shared over social networks has made it much easier for them to learn about a given victim’s online habits, in turn making it easier to craft a targeted phishing email specifically tailored for that individual.

As if that didn’t sound frightening enough, Webroot has reported that it continues to see growth in phishing attacks year over year, with phishing remaining an effective vector for capturing credentials and other sensitive data.

Here are some eye-opening statistics Webroot shared in its 2020 Threat Report:

  • Each month, 1.6 percent of Webroot customers encounter a phishing page, representing some 20 percent of Webroot endpoint protection customers annually.
  • Overall, the number of known phishing sites grew six-fold from January through December 2019 – from 0.15 percent to 0.96 percent of all sites.
  • The biggest difference Webroot saw in phishing activity in 2019 was the surge in the number of HTTPS phishing sites.
  • In 2018, 15 percent of phishing sites used HTTPS to trick the user into thinking the site was safe; by 2019, the percentage had risen to 27 percent.

The Companies Most Impersonated

A rather fascinating section of Webroot’s phishing attacks analysis focused on the most impersonated companies; according to the Threat Report, of the companies that were the most often impersonated in phishing attacks in 2019, eight of them were holdovers from the top 10 most impersonated in 2018.

These included:

  • Facebook
  • Microsoft
  • Apple
  • Google
  • PayPal
  • Dropbox
  • Chase
  • Yahoo
  • Adobe
  • Wells Fargo

This chart breaks down how the most impersonated companies fared in 2018 and 2019:

Business Email Compromise: Still an Ongoing Problem

What we took away from thoroughly examining Webroot’s phishing attacks report is that business email compromise is still not showing any signs of slowing. As in years past, BEC continues to be prevalent; this type of email fraud targets commercial, government and nonprofit organizations by fraudulently representing a senior colleague or trusted customer. In fact, according to the FBI, BEC is a scam tactic worth $26 billion, and has shown a 100-percent increase in the identified global exposed losses between May 2018 and July 2019.

Don’t go on a Phishing Trip without DMS iTech

From something as rudimentary as server maintenance to advanced IT management services such as antivirus protection, infrastructure monitoring, backup protocols and more, DMS iTech is in your corner in the fight against phishing attacks. Contact us today to learn about the ways we can protect you and your valued data from cybercriminals who will, seemingly, stop at nothing to steal in an almost all-online environment.