While it's financial institutions which potentially offer cybercriminals the biggest bounty for a successful phishing campaign, fake versions of online services such as eBay, Facebook, Amazon, and Google are far more prevalent on the internet, security researchers from Microsoft have warned.
The findings are outlined in the Microsoft Security Intelligence Report, a 178-page document analysing trends in software vulnerabilities, software vulnerability exploits, and malware between June and December 2015.
According to Microsoft cybersecurity researchers, just over half of websites identified by Microsoft's SmartScreen Filter as phishing sites were posing as online services, accounting for the largest number of phishing URLs as well as receiving the largest number of impressions from users. The SmartScreen Filter is an Internet Explorer feature used to detect malicious websites.
"Impressions for online services was higher than any other. We had more people trying to get to phishing sites for online services, and there are more sites dedicated to that," Tim Rains, Microsoft's chief security advisor for worldwide cybersecurity and data protection, told ZDNet.
The reason, he explained, is that it's easier to dupe a user into logging into a fake URL posing as a large, well known service, than it is to attempt to steal login details of banks and other financial intuitions which have far lower user numbers.
"If you think about it, there are thousands of financial institutions around the world, so if you're going to phish financial institutions, you need to have lots of sites, but there's only one Facebook, there's only one Ebay, so what we see with those is a low number of sites, but with a high number of impressions," Rains said.
Nonetheless, around 30 percent of websites used for phishing were posing as financial institutions "because of their potential for providing direct illicit access to victims' bank accounts". Although the ability for hackers to make off with stolen data -- often protected behind two- or three-factor authentication -- is more difficult in theory, it arguably offers a larger reward.
Data in the report shows that the number of phishing websites spiked massively between August and October last year, with a specific Wordpress bug seemingly the main culprit, as hackers tried to take advantage of a relatively easy exploit.
"The number of active malware hosting sites increased by more than 25 times between August and October, correlated with an attack campaign that compromised thousands of sites running the WordPress content management system (CMS) beginning in September, which resulted in large numbers of new exploit kit landing pages containing drive-by downloads for popular browser add-ons," the report said.
According to Stuart Aston, national security officer for the UK at Microsoft, part of what's causing this spike is cybercriminals learning to take advantage of these cybersecurity scares. Often cybercriminals will send emails which claim to be from the affected organisation, saying that the user's account has been hacked and that they must click through to a link to fix it -- however, the link leads to a phishing portal.
"The phishers are getting smart in a sense they are tying in to real-world events, because when an organisation gets hacked, all of a sudden there are phishing attempts naming that organisation. They're monitoring this stuff, so it's really important for consumers to make sure they're hovering over that link before they click it," Aston told ZDNet.