New research recently published by content delivery network provider Akamai has found that a fifth of websites considered phishing attack vectors go undetected by blacklists.
The company managed to identify 1,221 domains (1,381 URLs) that are utilized in phishing attacks. When cross-referenced with public threat intelligence resources, Akamai found that little more than 20% (specifically, 21.3%) of the URLs were not known to be malicious – even days after the phishing campaigns were activated.
Akamai estimated that there were more than 2.4 million victims of phishing attacks over a four-month period (October 2019 to January 2020), but the firm suspects that the actual number could be even higher.
The firm’s research also discovered that the number of phishing attacks surged during the holiday season, particularly during Thanksgiving. Most of the phishing URLs were abusing media and ecommerce brands – they accounted for 84% of the URLs. Other notable URLs utilized for phishing included the financial, high tech, and dating industries.
In terms of victims, South America had the greatest number of individuals scammed by phishing. Akamai also found that the region with the next highest number of victims was South Asia, accounting for 28% of all phishing victims worldwide.
“Phishing isn’t going away any time soon, and the first and most fundamental step would be to better educate our peers, colleagues, and families to be suspicious and think twice before giving away sensitive information or downloading unknown files,” the firm concluded in its report.