Phishing attacks try to trick unsuspecting users by mimicking well-known brands and companies. The idea is to create an email or webpage that emulates the look and layout of a legitimate brand. Though many brands are vulnerable to spoofed emails and pages, some are more popular than others among cybercriminals, according to a blog post from Akamai.

SEE: Phishing attacks: A guide for IT pros (free PDF) (TechRepublic)

For its latest research released on Tuesday, Akamai discovered 1,221 domains, or 1,381 URLs, associated with phishing campaigns during late 2019 and early 2020. More than 20 different brands were used in these campaigns. But the majority of the brands, a full 84%, were from media and e-commerce industries. The rest of the URLs hit companies in the financial, high tech, and dating industries.

Number of phishing URLs being detected each week.
Image: Akamai

The number of victims targeted by these campaigns was estimated at more than 2.4 million, according to Akamai, though evidence points to the number being higher. Most of the victims were from South America, while more than a quarter were from South Asia.

The URLs detected were not directly associated with Akamai customers, though they were still found to be consuming or using resources from them. Akamai’s business is as a content delivery network, or CDN, which distributes web content to users based on location and other factors. Akamai highlighted three reasons why web traffic associated with phishing websites are often seen on CDN platforms.

  • The phishing website is using original or abused brand pages. In this case, cybercriminals create a website that looks similar, or identical, to the brand being abused, giving victims a false sense of security. With that sense of security and trust established, victims often end up giving away personal or sensitive information. To create this illusion, the phishing website may use some of the original website’s resources, such as images and Cascading Style Sheets (CSS) pages.
  • Phishing websites are using legitimate libraries and services. A phishing website can use all kinds of services, such as page analytics or javascript libraries, as part of the phishing kit’s functionality. If those libraries and services are delivered via a CDN platform, those services will be consumed from the CDN once the victims render the malicious domain on their browser.
  • The phishing website’s redirection is to original or abused brand pages. A well-known technique used by phishing websites is to redirect victims to the original or abused website. Doing so helps give victims a sense of safety.

In its blog post, Akamai shared several reasons why its findings are likely to be just the tip of the iceberg. Many phishing websites use proprietary content and don’t consume third-party resources. As such, Akamai can’t see them on its own platform. Further, Akamai’s research focused only on phishing campaigns consuming resources or redirecting through its own platform.

Akamai had limited visibility since it could see only results that use its own data. Finally, Akamai sampled and validated only a small number of referring websites and assumes there are more that remain undiscovered.

“While phishing is a known and frequently reported threat, the numbers associated with the potential victims are not always widely known,” Akamai said in its blog post. “The data presented in this research should be used as a red flag, leading us into action. Phishing isn’t going away any time soon, and the first and most fundamental step would be to better educate our peers, colleagues, and families to be suspicious and think twice before giving away sensitive information or downloading unknown files.”

Image: Getty Images/iStockphoto