Overview of Phishing Techniques: Fake Websites

Introduction

It’s an average Tuesday afternoon when you get an email from your bank. 

The fraud team is reaching out because they detected some unusual purchasing activity on your account. Can you log into your account to see if anything looks fishy? Conveniently, they’ve also included a link to the login page. After entering your username and password, you close the tab, delete the email and go about your day like usual. 

Days or weeks later, you check your bank account and realize money is missing. Not only that, but your email account and social media profiles have also been accessed by someone other than you. Huh, that’s weird. 

That’s when it hits you: maybe that email from your bank about the password update wasn’t from the bank at all. Maybe it was from someone pretending to be the bank. Someone who now has the same username and password you use for all of your accounts. 

It’s a scary situation. But according to research by Webroot and Thales Security, it’s a lot more common than you’d think:

  • Scammers create 1.4 million phishing websites every month
  • Most phishing sites are online for 4 to 8 hours 
  • Spoofed sites led to $1.3 billion in losses in 2019

Who are scammers impersonating? Additional research by Webroot shows that the most common targets are big tech firms, including Facebook, Apple, Google, Dropbox and PayPal, as well as finance companies like Chase, Wells Fargo and Citi. However, this list is anything but exhaustive; scammers have also been known to create fake websites for colleges and government agencies like the IRS. 

Since no website is safe from being spoofed by scammers, the best way to protect yourself as a user is to know how to spot a fake.

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Christine McKenzie. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/LWea-j8Sr28/