The majority of phishing sites today (84 percent) exist for less than 24 hours, with an average life of under 15 hours. This makes it more difficult for security tools to detect and block malicious websites in comparison to phishing campaigns of the past where URLs would remain live for weeks or months.
Webroot's Quarterly Threat Trends update shows that today's phishing attacks have become increasingly sophisticated and carefully crafted to obtain sensitive information from specific organisations and people.
During 2016, an average of over 400,000 phishing sites were observed each month. Old techniques that use static or crowdsourced blacklists of bad domains and URLs must be abandoned to keep up with the short phishing life cycles and volume of sites and URLs.
Nearly all of today's phishing URLs are hidden within benign domains. URLs now must be checked every time they are requested since a page that was non-threatening merely seconds ago may have since been compromised.
Tech giants Google, PayPal, Yahoo and Apple are heavily targeted for phishing attacks. Google was the most heavily targeted of these organisations, with 21 percent of all phishing sites between January and September 2016 impersonating the company, followed by Yahoo (19 percent), Apple (15 percent) and PayPal (13 percent).
“In years past, these sites could endure for several weeks or months, giving organisations plenty of time to block the method of attack and prevent more victims from falling prey. Now, phishing sites appear and disappear in the span of a coffee break, leaving every organisation, no matter its size, at an immediate and serious risk from phishing attacks,” said Hal Lonas, chief technology officer at Webroot.