By building phishing websites with such short life-cycles, cyber criminals aim to make it hard for web crawlers to find their imposter pages, especially if there are no links to other sites.
An analysis of phishing websites by researchers at Webroot found that during the first half of 2017, an average of 1.4 million unique phishing websites were created every month, with the majority only online for between four and eight hours and most often pretending to be high profile technology and banking firms.
According Webroot's statistics for the first half of 2017, Google was the most common company for attackers to impersonate, accounting for 35 percent of all phishing attempts. Chase, Dropbox, PayPal and Facebook made up the remaining five most popular disguises for phishing emails, while attackers also commonly claimed to be from Apple, Yahoo, Wells Fargo, Citi and Adobe.
The sheer number of websites signifies evolution in the methods used by attackers, who would previously use one website for an entire phishing campaign, although this meant that if it was discovered it could be blocked in order to prevent potential victims from clicking through to it.
Now hackers have learned that quickly rotating phishing websites means that they can keep campaigns going on longer.
Analysis of the first half of 2017 shows that phishing emails frequently play on fear and emotion, urging the recipient to take quick action without taking normal precautions. Whether the urgency is implied in the subject line or in the fake URL of the phishing site, fear is being used to spur recipients to act before thinking.
For example, attackers might put the idea into the victims' head that an account is being closed, an invoice is waiting, or even in some cases, they've been summoned to court. In each instance, the victim might panic and click through to the malicious site which will either steal their credentials or drop a malicious payload.
In order to tap into these fears, phishers most often pretend to be from companies in the technology and financial sector.
While attackers are attempting to breach organisations in every industry, the Webroot report suggests technology firms and banks are the most targeted by hackers - no doubt due to the riches of personal and financial data which could be accessed in the event of a successful attack.