Tens of thousands new phishing sites created daily, report says

Phishing typically requires users to fill out information or click on malicious URLs, which may not look suspicious at first.
Phishing typically requires users to fill out information or click on malicious URLs, which may not look suspicious at first.

Cyberattacks come in all shapes and sizes, from the highly transmutable ransomware, to the more targeted variety like drive-by downloads. At their core, though, no matter their form or scale, data hacks share a common goal – the theft of sensitive information when targets least expect it.

One of the most widespread threats comes in the form of so-called "phishing," and according to a newly released report, the websites that traffic in these ploys are proliferating on a massive scale.

"More than 1 million new phishing websites infect the internet every month."

Phishing – attacks designed to steal usernames passwords and financial specifics through subterfuge, often carried out via email – is the leading cause of data breaches in the world overall, according to endpoint security services firm Webroot. Indeed, IT experts believe phishing website number in the millions, with 46,000 developed per day and 1.5 million each month. Because of their ubiquity, it's understandable why phishing attacks have often proven successful, particularly businesses that have enough going on as it is, all in effort to remain viable and productive on behalf of their customers, community as well as shareholders.

Hal Lonas, Webroot chief technology officer, noted how the purveyors of phishing scams are constantly refining their strategies to stay one step ahead, aiming to outwit public awareness efforts, security software and patches.

"Today's phishing attacks are incredibly sophisticated, with hackers obfuscating malicious URLs, using psychology, and information gleaned from reconnaissance to get you to click on a link," Lonas warned. " Even savvy cybersecurity professionals can fall prey."

Google often imitated by phishing
In addition to phishing being omnipresent, these scams are capable of surviving, so long as they trick just one person into leaking identifying information. This is done by using text, verbiage, symbols, font and designs that mimic highly respected and trusted companies. For instance, according to Webroot, some of the most common businesses masquerading as legitimate on phishing websites and emails this year include Google, PayPal, Facebook, Apple and Dropbox.

Lonas noted how all too often, the victims of phishing attacks get the lion's share of criticism from the cybersecurity community, angered over their naivete. This shouldn't be happening.

"Instead of blaming the victim, the industry needs to embrace a combination of user education and organizational protection with real-time intelligence to stay ahead of the ever-changing threat landscape."

Lisa Fordham, managing director of information technology at PayneWest Insurance, echoed Lonas' sentiments.

"Phishing continues to be an ever-evolving threat globally to personal and business data, and the trend shows no sign of slowing," Fordham warned. 

How do you stay safe?
As noted by Phishing.com, the only way a phishing attack can work is when users click on a URL, sent through a variety of means and packaged in a way that makes it look trustworthy. That's why it's important to steer clear of unsolicited emails, especially those that have a call to action. Typically, phishing emails will start out with generic language like "Dear Customer" or request to fill out a form. While it may be legitimate, security experts advise going straight to the website rather than clicking on an attached URL.

Phising.com has several other strategies on how to avoid being lured by a phishing huckster.

October in National Cyber Security Awareness Month, and what better way to participate than by updating or purchasing a cyber insurance protection plan.

"Our challenge at PayneWest is providing balanced protection with accessibility to ensure the protection of client and employee data," Fordham said. "Internally, we focus on training and awareness, emphasizing prevention. An effective detection and response plan for these threats helps us maintain data integrity."

PayneWest has the customized service that can complement your existing business insurance plan with cyber coverage. Find out more about risk management products and services here.