Phishing Attacks remains a popular Money-Spinner for Cyber Criminals

F5 Labs’ latest Phishing and Fraud Report reveals that phishing continues to be one of the most prevalent ways cybercriminals are breaching data and making money in 2019.

Over the years, phishing has grabbed the top spot of every report on breach causes, and this trend isn’t likely to go away anytime soon. The main reason is for cybercriminals it’s easy to execute and it’s incredibly effective: there are no firewalls to bypass or finding a zero-day exploit, or encryption to decipher. The hardest part, especially with the rise in employee training, is coming up with a good trick email pitch to get people to click on.

The F5 Labs Report highlights:

• Phishing was responsible for 21% of breaches in there’s a 50% increase in these attacks during the holiday season (October through January) when online shopping is at its most popular
• The top faked websites used by cybercriminals in 2019 were, in order: Facebook, Autodiscover, Apple, Chase, Office, WhatsApp, Paypal, Amazon, Microsoft, Netflix, iCloud and Office 365
• The majority of phishing websites (54% in July 2019) are encrypted, hiding the malware they contain from traditional intrusion detection systems
• Worse perhaps, 83% of these websites use legitimate certificates, meaning browser certificate warnings won’t work to prevent users from clicking on the websites.

The F5 Labs report also discusses the most prevalent domains phishing sites are hosted on, the validity of certificates and different profiles of a 'phisherman' and how we can understand their behaviours to implement impactful cybersecurity defences.