While it’s not over yet, 2020 is already a banner year for phishing sites, with Google having registered 2.02 million such sites, according to a new study from Atlas VPN.
Cybercriminals often create copies of popular websites in order to trick unsuspecting users into entering sensitive data, such as login credentials or credit card information.
According to the Google Transparency Report, 46,000 phishing sites have been detected on average each week this year. The data also reveals that there were two huge spikes in malicious websites in the first half of 2020, which reached over 58,000 detections per week at their peak.
However, the second half of the year looks more stable with around 45,000 new phishing sites registered every seven days.
One of the reasons Altas VPN believes there were more phishing sites created in 2020 than in previous years is because more users were online during the lockdown, and more employees worked from home during this period.
This created opportunities for cybercriminals who exploited users’ fear of the virus to lead them to more bogus malicious websites.
Record year for phishing
To examine the broader trends in phishing, the Atlas VPN research team has analyzed data from phishing sites since Q1 2015 to find that 2020 is the year with the newest phishing sites.
The 2.02 million phishing sites registered by Google represent an increase of 19.91% compared to last year when the volume of malicious sites reached 1.69 million. At the same time, the average annual change in phishing sites has shown a growth of 12.89% since 2015 and the three quarters of 2020 saw more malicious sites detected than all quarters of the previous year.
In his report, John C., of Atlas VPN, explained that panic was one of the main drivers of the increase in the number of phishing sites registered this year: “ It is quite easy to correlate the pandemic and the increase in phishing attacks, not only because of the increase in Internet usage but also because of the panic. Panic leads to irrational thinking and people forget about basic online security measures. Users then download malicious files or try to buy items on demand from insecure websites, and thus become victims of a scam”.
In order to avoid falling victim to phishing attacks, users should carefully check the URL of every site they visit, ensure that the sites they visit are using HTTPS and not HTTP, and check the spelling and grammar mistakes, as they can be a serious red flag.