Bolster, a deep learning-powered fraud prevention company protecting the world’s leading brands from counterfeit activity, today released its Q2 and Q3 2020 State of Phishing and Online Fraud Report. Throughout the year, the company releases impactful data obtained from its AI engine, which has analyzed over 1 billion websites to provide an in-depth audit of how phishing and online fraud is affecting enterprises, SMBs, non-profits and the online consumer community. As predicted in the Bolster Q1 State of Phishing and Online Fraud Report, the number of phishing and scam sites continues to grow, with more than four million suspicious pages live today.
The Internet is full of fraud and theft and cybercriminals are operating in the open with impunity, violating copyrights, misrepresenting brands and advocating deceit overtly. Surprisingly, Bolster found these criminals are not lurking in the shadows of the dark net, instead they are using mainstream ISPs, hosting companies and free Internet services – the same that are used by legitimate businesses every day.
The Bolster Q2 and Q3 State of Phishing and Online Fraud Report provides a summary of the most recent trends in phishing and scams, offers insights into the scale, breadth and scope of these attacks and takes a deeper look into the examples of recent attacks and how organizations can protect themselves. Key findings from the new report include:
Phishing and online fraud scams accelerate: In Q2, Bolster saw an alarming, rapid increase of new phishing and fraudulent sites being created, detecting 1.7 million phishing and scam websites – a 13.3% increase from Q1 2020. Phishing and scam websites continued to increase in Q2 and peaked in June 2020 with a total of 745,000 sites detected. On average, there were more than 18,000 sites created each day.
Cybercriminals use common, free email services to execute phishing attacks: The most active phishing scammers are using free emails accounts from trusted providers including Google and Yahoo!. Gmail was the most popular with over 45% of email addresses. Russian Yandex was the second most popular email service with 7.3%, following by Yahoo! with 4.0%.
Brand impersonation continues to escalate. Bolster’s data reveals that the top 10 brands are responsible for nearly 44,000 new phishing and fraudulent websites from January to September 2020. Each month there are approximately 4,000 new phishing and fraudulent websites created from these 10 brands alone. September saw a near tripling in volume with more than 15,000 new phishing and fraudulent website being created for these top brands, with Microsoft, Apple and PayPal topping the list.
COVID-19 is still a target, but less so. In the Bolster Q1 State of Phishing and Online Fraud Report, the company found that approximately 30% of confirmed phishing and counterfeit pagers were related to COVID-19, equaling over a quarter of a million malicious websites. Compared to Q1, these scams increased by 22%, following dynamic news headlines – N95 masks, face coronavirus drugs and government stimulus checks. However, the good news is that these scams are declining month-over-month.
Cybercriminals will continue to utilize natural news drivers. Though phishing and fraudulent campaigns outside of extraordinary events are on the rise, cybercriminals continue to demonstrate their agility from major events. In Q3, Bolster discovered scams connected to Amazon Prime Day and the presidential election. There was a 2.5X increase of fraudulent websites using the Amazon brand a logo in September, focusing on payment confirmation, returns and cancellations and survey for free merchandise. Where the presidential campaigns were fraught with counterfeiting and Internet trolling.
“With the holiday shopping season kicking off, the results of the presidential election and the New Year approaching, we anticipate the number of phishing and fraudulent activity to continue to rise,” said Shashi Prakash, co-founder and CTO of Bolster. “In anticipation of these events, criminals are sharpening their knives of deception, planning new and creative ways to take advantage of businesses and consumers. Companies must be vigilant, arming their teams with the technology needed to continuously discover and take down these fraudulent sites before an attack takes place. We are committed to working with our customers and partners to help combat this malicious activity, keeping companies and consumers safe. ”
The full report can be downloaded here.
Bolster is a deep learning-powered fraud and risk orchestration and automation platform protecting the world’s leading brands. The company provides automated takedowns of online scams and account takeovers through real-time phishing detection, allowing organizations to protect and increase business revenues along with customer loyalty and trust. Free real time scans are also available through the community tool, Checkphish.ai. The company has a team of security experts from leading security companies including Cisco, Symantec, McAfee, Bell Labs, and OpenDNS. Founded in 2017 and based in Los Altos, California, Bolster raised $10M in Series A funding led by Thomvest Ventures and Crosslink Capital. For information about Bolster, please visit bolster.ai and follow us on LinkedIn and Twitter @BolsterAI.