[Heads Up!] A Whopping 21 Percent of Phishing Attack URLs Are Not Detected As Malicious For Days After They Go Live


New data from Akamai provides insight into why phishing attacks are making it all the way to the endpoint… and why they can trick users so easily into becoming a victim.

Every IT pro would like to believe that by putting a layered security defense in place to specifically stop phishing attacks, the attacks would simply be detected and stopped.

Not so fast.

A new report from Content Delivery Network (CDN) provider Akamai shows that the bad guys are figuring out ways to not just make it past your defenses, but are counting on your browser’s use of a CDN to keep their maliciousness alive.

According to Akamai, of over 1200 malicious domains using Akamai’s CDN functionality to deliver malicious content, 21.3% of all phishing URLs used were not known to be malicious to public threat intelligence sources. Akamai estimates that over 2.4 million victims worldwide over a 4-month period were the target of attacks (whether successful or not) using these URLs.

Weekly number of victims over 4 months. Picture source courtesy Akamai

They attribute the attack success to a few factors that may be delivered from a CDN:

  • The use of abused brand pages and some of the original brand’s website resources
  • The use of legitimate libraries and services
  • Redirection to original brand web pages

These techniques both help to avoid detection, as well as create a sense of credibility with potential victims by impersonating well-known brands.

The only way to successfully stop these attacks that make their way into your user’s Inbox is to employ your users user to identify and stop suspicious and potentially malicious emails.

How, you ask? Through Security Awareness Training – by putting them through continual training, you educate them to be vigilant in the same way you are each and every time you open your Inbox. See that email about an invoice that you knew immediately was bogus? That’s what you get with Security Awareness Training; users that are as aware as you that can easily spot and stop and attack before it has an impact.

Free Phishing Security Test

Would your users fall for convincing phishing attacks? Take the first step now and find out before bad actors do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.

PST ResultsHere's how it works:

  • Immediately start your test for up to 100 users (no need to talk to anyone)
  • Select from 20+ languages and customize the phishing test template based on your environment
  • Choose the landing page your users see after they click
  • Show users which red flags they missed, or a 404 page
  • Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
  • See how your organization compares to others in your industry

Go Phishing Now!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:


Subscribe to Our Blog

Comprehensive Anti-Phishing Guide

Get the latest about social engineering

Subscribe to CyberheistNews