A group of experts from Interisle Consulting Group and Illumintel released a paper today, reporting a comprehensive study of the phishing landscape in 2020. The study’s goal was to capture and analyse a large set of information about phishing attacks to better understand how much phishing is taking place, where it is taking place, and how to fight it more effectively.
Major findings: After a three-month data collection period, the group learned about more than 100,000 newly discovered phishing sites. Here are the major findings — full details on the study can be obtained here.
- Most phishing is concentrated at a small number of domain registrars, domain registries, and hosting providers.
- Phishers themselves register more than half of the domain names on which phishing occurs.
- Domain name registrars and registry operators can prevent and mitigate large amounts of phishing by finding and suspending maliciously registered domains.
- Registries, registrars, and hosting providers should focus on both mitigation and prevention.
- The problem of phishing is bigger than is reported, and the exact size of the problem is unknown.
- Sixty-five percent of maliciously registered domain names are used for phishing within five days of registration.
- New top-level domains introduced since 2014 account for 9% of all registered domain names, but 18% of the domain names used for phishing.
- About 9% of phishing occurs at a small set of providers that offer subdomain services.
Timing of registrations: The group analysed 65,255 gTLD domains to determine how much time elapsed between when a domain name was registered and when that domain was first flagged for phishing by one of the phishing data feeds. 45% of the domains (31,610 out of 65,255) were used for phishing within 14 days of registration. This reinforces the conventional wisdom that when phishers register domains, they tend to use them quickly to avoid detection.
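The registration-to-first-flag measurement described above can be reproduced on your own feed data. The following is an added example, not code from the study or its authors; the record layout, the function names and the sample domains are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample: (domain, registration time, first time a phishing feed flagged it).
# None stands for a registration date missing from the registry data.
SAMPLE = [
    ("login-a.test", "2020-06-01T08:00:00Z", "2020-06-01T19:30:00Z"),
    ("secure-b.test", "2020-06-03T00:00:00Z", "2020-06-07T12:00:00Z"),
    ("portal-c.test", "2020-05-20T10:00:00Z", "2020-06-02T10:00:00Z"),
    ("shop-d.test", "2014-03-11T00:00:00Z", "2020-06-10T00:00:00Z"),
    ("mail-e.test", None, "2020-06-11T00:00:00Z"),
    ("reused-f.test", "2020-06-15T00:00:00Z", "2020-06-12T00:00:00Z"),
]

def parse_ts(value):
    """Parse an ISO 8601 UTC timestamp ending in 'Z' into an aware datetime."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def elapsed(registered, flagged):
    """Time from registration to first flag, or None when it cannot be measured."""
    if registered is None or flagged is None:
        return None
    delta = parse_ts(flagged) - parse_ts(registered)
    # A flag that predates the registration means the name was re-registered
    # or the dates are unreliable, so the record is excluded rather than counted.
    return delta if delta >= timedelta(0) else None

def share_within(records, max_days):
    """Return (hits, measurable, fraction) for domains flagged within max_days."""
    limit = timedelta(days=max_days)
    deltas = [elapsed(reg, flag) for _, reg, flag in records]
    measurable = [d for d in deltas if d is not None]
    hits = sum(1 for d in measurable if d <= limit)
    return hits, len(measurable), (hits / len(measurable) if measurable else 0.0)

def flagged_within(records, max_days):
    """Names of the domains flagged within max_days of registration."""
    limit = timedelta(days=max_days)
    return [name for name, reg, flag in records
            if (d := elapsed(reg, flag)) is not None and d <= limit]

if __name__ == "__main__":
    for days in (5, 14):
        hits, total, frac = share_within(SAMPLE, days)
        print(f"flagged within {days} days: {hits}/{total} ({frac:.0%})")
```

Records with no registration date or with a flag earlier than the registration are left out of the denominator, so the reported share covers only domains whose age can actually be measured.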
Phishing attacks are at their historical peak in effectiveness and there’s no indication that this is going to change. It’s time to provide your users with tools in the form of new school Security Awareness Training to prepare them for when the next phishing attack occurs.
With thanks to the Cyber Defence Alliance and CircleID. The full story is here: http://www.circleid.com/posts/20201013-new-data-reveals-phishing-attacks-are-bigger-than-reported/