Phishing is when an attacker misuses technology to trick someone into divulging sensitive information, such as usernames and passwords or credit card numbers. People often associate phishing with fraudulent email messages—think Nigerian prince scams—but
phishing also reaches victims through web pages, documents, text messages, social media content, instant messaging, advertisements, and even phone calls.
- A phishing website lives, on average, for 15 hours. Cybercriminals take phishing websites down quickly so authorities can’t track them down.
- Attackers use safe websites to hide their phishing websites to keep their operations going.
- In 2016, cyber security researchers have found over 400,000 phishing websites each month! That’s almost 5 million phishing websites in a year!
- Cybercriminals impersonated Google, PayPal, Yahoo and Apple the most this year, using them to manipulate users and trick them into revealing their confidential information.
Despite its humble beginnings, phishing has come a long way
since those first crudely constructed phishing emails. The
following are the most important findings from this report:
Strengthening an organization’s anti-phishing strategy means
moving beyond old techniques that use static phishing
domain or URL lists to highly automated technologies based
on sophisticated machine learning methods. These more
advanced technologies can quickly check the characteristics
and metadata for each requested webpage to look for signs of
phishing, then report a score or rating that the organization can
use to make automated decisions about allowing or denying
access to the page. When phishing sites can appear and
disappear in the length of a coffee break, highly automated
machine learning solutions are the only way to prevent
successful phishing attacks and the major data breaches they