Google reports over 2 million phishing sites in 2020 YTD
According to data analyzed by the Atlas VPN research team, Google registered 2.02 million phishing websites in 2020 Year-to-Date (YTD).
Most of the stuff you find on the web is good and can be useful, but just like in the real world, there are ill-meaning people who want to profit from unsuspecting individuals.
One of the most prevalent means of cybercrime is phishing sites. Here, criminals create a seemingly authentic copy of a popular website to lure people into entering their sensitive data, be it login credentials to their account or credit card information.
In 2020, an average of 46 thousand phishing sites are detected every week, according to Google’s Transparency Report. The total phishing websites caught amount to a staggering 2.02 million since the start of the year.
Data also reveals that in the first half of 2020, there were two huge spikes in malicious websites, reaching over 58 thousand detections per week at the peaks.
The second half of the year seems more stable, which is not a positive thing, as there are around 45 thousand new copy-cat websites registered every seven days.
Due to the fact that people are forced to stay at home during quarantine, internet usage is higher than usual. In turn, this creates more opportunities for cybercriminals.
2020 — a record year for phishing sites
To take a look at the wider perspective, Atlas VPN analyzed phishing site data since the first quarter of 2015. Our findings revealed that the year 2020 is, in fact, the year with most new phishing sites to date.
Even though 2020 is not yet at an end, it already has a record-high number of scam websites detected, amounting to 2.02 million sites, according to Google’s data. This was a 19.91% increase from 2019 when malicious site volume reached 1.69 million.
The average year-by-year change in phishing websites reveals a 12.89% growth since 2015. Also, in 2020, all three quarters had more malicious site detections than any of the previous year’s quarters.
The second quarter of 2020 has the highest number of phishing sites ever recorded, at over 635 thousand.
It is quite easy to correlate the pandemic with the increase in phishing attacks, not only because of the increased internet usage but also due to the panic. Panic leads to irrational thinking, and people forget basic security steps online. Users then download malicious files or try to purchase in-demand items from unsafe websites, in result becoming victims of a scam.
Steps to take to avoid phishing sites
Be vary of Google Ads — scammers sometimes pay to appear at the top of Google searches. When you know this fact, you can verify if the website is genuine by the following tips.
Check the URL (web address) of the site carefully — alarm bells should ring if the URL has spelling errors, is unusually long, or has unusual characters. Fraudsters might also use other alphabets that have similar looking letters which represent the authentic website letters.
Make sure the website address starts with HTTPS, not with HTTP. The HTTP shows that the website is unsecure and should once again bring up suspicion. A secure website should start with HTTPS and have a green padlock symbol before the web address. This means that the website has an SSL certificate, and the connection is encrypted. Never enter sensitive information on a website that does not have this basic security feature. Yet, even if the website is secure, it does not mean that it is not set up by fraudsters, so proceed with caution.
Spelling and grammar mistakes — another huge red flag is spelling and grammar errors. Scammers rarely hire professional editors to check their copy-cat website’s content for mistakes. If you do find a spelling error, check the website's contact and copyright information. Click around on social media links and investigate if they lead to a legit Facebook or other profile. On the profile, make sure the website link directs back to the website from which you came.
Cybersecurity Researcher and Publisher at Atlas VPN. My mission is to scan the ever-evolving cybercrime landscape to inform the public about the latest threats.