Jack Ellis

A study by cybersecurity firm PhishLabs indicates that the volume of phishing attacks grew by almost one-third last year, with cloud storage brands set to overtake financial services as the top targets. Researchers also found that phishing perpetrators are increasingly turning to new gTLDs to dupe internet users.

The data behind the latest edition of PhishLabs’ annual Phishing Trends & Intelligence Report was drawn from analysis of close to one million confirmed malicious phishing sites across over 170,000 unique domains in 2016 – 23% more than in 2015. Furthermore, the PhishLabs team’s investigations of around 7,800 phishing attacks each month were factored in to the study, as was examination of thousands of unique malware samples.

As phishing is the fraudulent activity of attempting to obtain personal information such as passwords, bank account details and so on, by masquerading as a trustworthy entity – in particular, a brand owner – the long-standing attraction to phishers of imitating financial services brands is fairly obvious. In 2016, then, financial services remained the industry most targeted by phishing, accounting for 23% of consumer-focused phishing attacks according to the report. However, compared to previous years the burden borne by the financial sector has decreased significantly (from 38% in 2013 to 32% in 2014 and 28% in 2015). Online payment services have seen a similar drop in share of phishing incidents, from a high of 26% in 2013 to 14% last year.

It would appear that phishers are now focusing more of their efforts elsewhere. The sector that has seen the most significant growth in phishing attacks since 2013 is the cloud storage and file hosting industry, up from 9% four years ago to 22.6% in 2016. The report notes: “If these recent trends continue as we expect, there is a strong likelihood that cloud storage services will overtake financial institutions as the most targeted industry in 2017.” They add that “phishing attacks impacting this sector almost exclusively target only two companies: Google (Google Drive/Docs) and Dropbox”. Email providers, e-commerce sites and software-as-a-service firms have similarly seen a rise in their brands being hijacked for phishing.

Another section of the report that will give trademark owners plenty to be mindful about is that which examines the use of different types of web domain for launching phishing scams. Just over 51% of analysed phishing sites were hosted on ‘.com’ domains in 2016. The nine next most common were domains under ‘.br’, ‘.net’, ‘.org’, ‘.ru’, ‘.uk’, ‘.au’, ‘.info’, ‘.in’, and ‘.pl’, with all 10 between them representing more than three-quarters of all phishing sites. However, the universe of phishing sites identified by PhishLabs were hosted on 432 different top-level domains – almost 65% more than in 2015.

The report’s authors attribute this substantial growth in diversity to an increased popularity among phishers of new gTLDs that have been launched over the past few years. In 2015, PhishLabs found a total of 66 new gTLDs associated with hosting phishing sites. Last year, that number shot up to 220. The most common new gTLDs used to host phishing content over the past 12 months were ‘.top’, ‘.xyz’, ‘.online’, ‘.website’, ‘.link’, ‘.space’, ‘.site’, ‘.win’ and ‘.support’.

The authors further point out that, while new gTLDs only account for 2% of all phishing domains – with legacy gTLDs at 63% and country-specific ccTLDs 36% – the overall number of phishing sites hosted on them increased by over 1,000% in 2016.

As this blog reported last week, brand owners appear to have taken a fairly moderate approach in terms of trademark enforcement in the face of the new gTLD programme, choosing to prepare for threats if and when they arise rather than taking preventive action in these still-early days of the rollout. Nevertheless, these recent findings on phishing – an infringement hazard that, by its very nature, often goes completely unnoticed by brand owners – may compel trademark counsel to reassess their strategies. 


Please log in or register to leave a comment.

There are no comments on this article

Share this article