How Much Phishing is Too Much Phishing?

Phishing is and has always been a significant threat to internet users. It takes control of your ‘lizard’ side of the brain and exploits it. 

What’s going on?

A report by Interisle Consulting Group and Illumintel states some major facts about the phishing landscape in 2020. 
  • First off, the exact size of the phishing problem remains unknown. However, the problem is bigger than it seems.
  • Most phishing is focused on a small number of domain registrars and registries and hosting providers. 
  • Of all the maliciously registered domains, 65% is used within 5 days of registration.
  • Around 9% of phishing attacks are conducted on a small number of subdomain service providers. 

Some phishing instances

  • The Australian Cyber Security Centre issued an alert warning of a wave of Emotet attacks targeting the critical infrastructure and government agencies in the country.
  • A digital marketing agency, teamDigital, was found exposing clients’ sensitive data. The clients include NFL, NBL, Mastercard, and Soundcloud, among others. This data leak can possibly lead to targeted phishing and ransomware campaigns. 
  • G7 finance ministers expressed their concern over the rise of ransomware attacks against hospitals, educational institutions, and critical infrastructure. 

You cannot catch every phish

  • Phishing attacks go on for a limited duration. The limited time frame is not enough to confirm the presence of a phishing site.
  • The internet is huge. This implies that each blocklist provider has a limited visibility into attacks. 
  • A firm using a single blocklist provider leaves its users prone to various phishing attacks over time. No single solution is capable of providing entire protection, thus, giving attackers an upper hand over defenders.

The bottom line

The amount of phishing attacks discovered every year continues to increase. It inflicts reputational and financial damage to the affected users. Phishing is one of the most prevalent attack vectors, causing huge damage. It takes advantage of our cognitive biases and fools us into giving away our details. When these biases are combined with clever tactics used by cybercriminals, the attacks become even more effective.