A new Webroot report also highlights the importance of user education, as phishing lures have become more personalized as hackers use stolen data for more than just account takeover.
Hackers are using trusted domains and HTTPS to trick victims
Nearly a quarter (24%) of malicious URLs were found to be hosted on trusted domains, as hackers know trusted domain URLs raise less suspicion among users and are more difficult for security measures to block.
1 in 50 URLs (1.9%) were found to be malicious, which is high given that nearly a third (33%) of office workers click more than 25 work-related links per day.
Nearly a third (29%) of detected phishing web pages use HTTPS as a method to trick users into believing they’re on a trusted site via the padlock symbol.
Phishing continued rapid growth into 2019
Phishing grew rapidly, with a 400% increase in URLs discovered from January to July 2019.
The top industries impersonated by phishing include:
25% are SaaS/Webmail providers
19% are financial institutions
16% social media
11% file hosting
8% payment services companies
Phishing lures are becoming personalized
Phished passwords are used for more than account takeover, specifically: extortion emails claiming they’ve been caught doing something embarrassing or damaging that will be shared with colleagues, friends and family unless a ransom is paid.
Phishing doesn’t always target usernames and passwords. These attacks also go after secret questions and their answers.
Windows 7 is becoming even riskier, with infections increasing by 71%
Between January and June, the number of IPs that host Windows exploits grew 75%
Malware samples seen on only one PC are at 95.2%, up from 91.9% in 2018
Out of all infected PCs, 64% were home user machines, and 36% were business devices, likely because home users aren’t protected by corporate firewalls and security policies and may not be updated as regularly.
Over 75% of malware on Windows systems hides in one of three places:
41% in %temp%, 24% in %appdata% and 11% in %cache%.
Businesses can easily set policies to restrict execution of any application from the %temp% and %cache% locations, preventing more than 50% of infections.
Tyler Moffitt, Senior Threat Research Analyst, Webroot: “We are beginning to see hackers create more personalized phishing emails using data gathered in recent massive breaches, as well as the use of HTTPS and trusted domains to seem more legitimate.
“These tactics take advantage of familiarity and context, and result in unwarranted trust. Businesses and consumers need to be aware of and continually educate themselves about these evolving methods and risks to protect their data and devices.”