Kaspersky Lab has calculated how many new phishing wildcards[1] it adds to the company’s anti-phishing database every month. According to these calculations, in 2013 there was an average of 96,609 new phishing wildcards a month, but in the first half of 2014 this figure has risen sharply. This year the average number is up to 113,500 per month, an increase of 17.5%. Not only are we seeing more false links, these links are deliberately taken down quickly. Those short lifespans make life even more difficult for anti-phishing programs.
“Phishing is a fairly simple way of tricking Internet users into handing over their personal and financial information. The attackers create new phishing links every minute and now phishing sites typically operate for just a few hours. This strategy is intended to make it impossible for their site to earn a bad reputation and take its place in the anti-phishing databases established by security companies. This in turn changes the rules of the game for developing anti-phishing products: now we must carefully monitor the relevance of the phishing wildcards stored in the database. We are working with ‘perishable’ malware so a quick reaction to every update is critical,” commented Nadezhda Demidova, Content Analyst at Kaspersky Lab.
Seven steps to steer clear of phishing sites:
Anti-phishing technologies are implemented in the majority of Kaspersky Lab security solutions for home and business users, regardless of the platform used. To ensure detection of phishing websites, including new ones, the technology combines several layers – a database of phishing wildcards on the endpoint, a constantly updated database in the cloud, and heuristic analysis. If the URL is not listed in any database, the heuristic module looks for evidence of anything suspicious in both the URL and the HTML content of the website. There are almost 300 parameters which reliably indicate whether it is a phishing site or not. This helps users to avoid these scams and protect their digital identity.
[1] A phishing wildcard is a set of symbols describing a group of links detected by the system as phishing links. One wildcard can detect several thousand active links to phishing pages.