With the number of phishing sites in Q1 overall up 47%, according to new data from Phishlabs, the bad guys are starting their year off letting you know… they mean business.
Nobody wants to hear that the bad guys appear to be ramping up even more than they already have. But that’s pretty much what it sounds like, according to Phishlabs Q1 2021 Threat Trends & Intelligence Report. “Growth” was a recurring theme… after all, isn’t that what most “businesses” are striving for? More “customers”? Greater market penetration? Etc. This report shows how organized the bad guys are striving to be, and that they’re actually behaving like "professional companies", nefarious as they may be.
According to the report:
- 62% of all phishing sites abused free web services and tools to stage a site
- 66% of all phishing site domains were free domain registrations
- SSL use has leveled out in Q1 with 83% of sites using SSL for legitimacy
- The ZLoader banking trojan was used when targeting corporate users 62% of the time
The last interesting stat is that 94% of phishing emails did not contain a malicious attachment or link. According to the report, it’s the social engineering-based attacks that are the most damaging and “remain highly likely to reach user inboxes undetected.”
The only way to get out ahead of the problems, Phishlabs are pointing out, is to engage your user as a line of defense, empowering them with continual Security Awareness Training that educates them not just on the basics of good cyber hygiene, but about the latest scams, social engineering tactics and campaign themes, so they can be aware and vigilant.