A phisher ’ s domain
As per previous years ’ research , F5 Labs noted that fraudsters are becoming ever more creative with the names and addresses of their phishing sites .
In 2020 to date , 52 % of phishing sites have used target brand names and identities in their website addresses . Using phishing site data from Webroot , F5 Labs discovered that Amazon was the most targeted brand in the second half of 2020 . Paypal , Apple , WhatsApp , Microsoft Office , Netflix and Instagram were also among the top 10 most impersonated brands .
By tracking the theft of credentials through to use in active attacks , F5 Labs observed that criminals were attempting to use stolen passwords within four hours of phishing a victim . Some attacks even occurred in real time to enable the capture of multi-factor authentication ( MFA ) security codes .
Meanwhile , cybercriminals also became more ruthless in their bids to hijack reputable , albeit
Phishing attacks will continue to be successful as long as there is a human that can be psychologically manipulated in some way . vulnerable URLs – often for free . WordPress sites alone accounted for 20 % of generic phishing URLs in 2020 . The figure was as low as 4.7 % in 2017 .
Furthermore , cybercriminals are increasingly cutting costs by using free registrars such as Freenom for certain country code top-level domains ( ccTLDs ), including . tk , . ml , . ga , . cf , and . gq . As a case in point , . tk is now the fifth most popular registered domain in the world .
Hiding in plain sight
2020 also saw phishers intensify efforts to make fraudulent sites appear as genuine as possible . F5 SOC statistics found that most phishing sites leveraged encryption , with a full 72 % using valid HTTPS certificates to trick victims .
This year , 100 % of drop zones – the destinations of stolen data sent by malware – used TLS encryption ( up from 89 % in 2019 ).
Combining incidents from 2019 and 2020 , F5 Labs additionally reported that 55.3 % of drop zones used a non-standard SSL / TLS port . Port 446 was used in all instances bar one .
An analysis of phishing sites found that 98.2 % used standard ports : 80 for cleartext HTTP traffic and 443 for encrypted SSL / TLS traffic .
24 INTELLIGENTCIO NORTH AMERICA www . intelligentcio . com