As of January, there were over 246,000 active phishing sites. It’s an absolute record, but that’s not all!
245,771, the number of sites used for phishing the recovery of identifiers. This is a record, and they set it as early as January of this year according to a report from the Anti-Phishing Working Group (APWG). The APWG brings together over 2,200 organizations from the cybersecurity sector, government organizations, NGOs, police institutions and large high-tech companies ( Microsoft, Facebook, PayPal, Cloudflare, Cisco, Salesforce, Eset, McAfee, Avast, Symantec, Trend Micro …).
At the end of this absolute record in January, the figure fell, according to the APWG, below the 200,000 mark in February to rise again above this level in March. Globally, cybercriminals mainly rely on the banking sector to carry out their trapped pages. Then, it is the social networks that are targeted in order to collect account identifiers and resell the content.
HTTPS is not a guarantee of honesty
On the security side, about 83% of all phishing sites use http instead of the secure version with https encryption. This is a telltale sign of a lack of security that banks could not afford, for example. In contrast, electronic certificates (TLS) used to authenticate sites were nearly 95% valid for the first quarter of this year. This is certainly the lowest level by which to grant credit to a site, but it can be enough to fool the victims. The APWG also notes that compromise scamse-mails (BEC) increase dramatically. BECs are those e-mails that seem to come from a high-level manager and encourage them to make substantial bank transfers. We also speak of “scams against the president”.
This method can achieve a value of $85,000 in one go, against $48,000 in the third quarter of 2020. Finally, it should be noted that Namecheap is the most exploited domain name registrar even if it loses from the ground, from 46.3% to 32% of shares for malicious domain names. In the end, in 2021 as in 2020, the crooks are exploiting the same tricks and it still works.
