Nearly 1.5 Million New Phishing Sites Created Each Month

Webroot Quarterly Threat Trends Report Shows Phishing Attacks Continue to Rise Both in Volume and Sophistication

BROOMFIELD, Colo. - September 21, 2017

According to the September 2017 Webroot Quarterly Threat Trends Report, 1.385 million new, unique phishing sites are created each month, with a high of 2.3 million sites created in May. The data; collected by Webroot, a leader in endpoint security, network security, and threat intelligence; show today’s phishing attacks are highly targeted, sophisticated, hard to detect, and difficult for users to avoid. The latest phishing sites employ realistic web pages that are almost impossible to find using web crawlers, and they trick victims into providing personal and business information.

Webroot Quarterly Threat Trends is based on threat intelligence data derived from the industry’s most advanced machine learning techniques, ensuring it’s both timely and accurate. View the full Quarterly Threat Trends Report:

Notable findings and analysis:

  • Phishing attacks have grown at an unprecedented rate in 2017 – Phishing continues to be one of the most common, widespread security threats faced by both businesses and consumers. Phishing is the number 1 cause of breaches in the world, with an average of more than 46,000 new phishing sites created per day. The sheer volume of new sites makes phishing attacks difficult to defend against for businesses.
  • Today’s phishing attacks continue to be short-lived – The first half of 2017 highlights the continuing trend of very short-lived phishing sites, with the majority being online and active for only 4 to 8 hours. These short-lived sites are designed to evade detection by traditional anti-phishing strategies, such as block lists. Even if the lists are updated hourly, they are generally 3–5 days out of date by the time they’re made available, by which time the sites in question may have already victimized users and disappeared.
  • Attacks are increasingly sophisticated and more adept at fooling the victim – In the past, phishing attacks randomly targeted as many people as possible, with the hope that a substantial amount would open an infected attachment or visit a malicious web page. Today’s phishing is more sophisticated. Hackers do their research and utilize social engineering to uncover relevant personal information for individualized attacks. Phishing sites also hide behind benign domains and obfuscate true URLs, carrying more malignant payloads, and fooling users with realistic impersonated websites.
  • Mix of companies impersonated continues to evolve — Zero-day websites used for phishing may number in the millions each month, yet they tend to impersonate a small number of companies. Webroot categorized URLs by the type of website being impersonated and found that financial institutions and technology companies are the most phished categories. Webroot also identified the top 10 companies being impersonated throughout the first six months of 2017.
    • Google                    35%
    • Chase                     15%
    • Dropbox                  13%
    • PayPal                    10%
    • Facebook                  7%
    • Apple                         6%
    • Yahoo                        4%
    • Wells Fargo               4%
    • Citi                             3%
    • Adobe                        3%

Industry Landscape:

  • According to an FBI Public Service Announcement from May 4, 2017, phishing scams cost American business $500 million a year. 
  • According to Verizon, phishing was found to be at fault in 90 percent of breaches and security incidents.
  • A recent report by ESG showed that 63 percent of surveyed security and network influencers and decision makers have suffered from phishing attacks in the past two years.
  • In the same ESG report, 46 percent of respondents said malware attacks have become more targeted over the past two years, and 45 percent said there is a greater volume of malware than in the past two years.

BrightCloud® Real-Time Anti-Phishing:

Webroot offers its network and security vendor partners a unique, real-time solution to combat the pervasive threat of phishing attacks — BrightCloud® Real-Time Anti-Phishing (RTAP) service. This solution:

  • Integrates into the technology or offering of a partner
  • Provides real-time URL validation to protect against zero-hour phishing attacks without increasing network latency
  • Leverages advanced machine learning and content classification to automate the detection of phishing sites
  • Crawls and evaluates every requested URL on demand, in milliseconds, using hundreds of site attributes as well as external factors associated with the site

Key Quote:

Hal Lonas, Chief Technology Officer, Webroot
“Today’s phishing attacks are incredibly sophisticated, with hackers obfuscating malicious URLs, using psychology, and information gleaned from reconnaissance to get you to click on a link.  Even savvy cybersecurity professionals can fall prey. Instead of blaming the victim, the industry needs to embrace a combination of user education and organizational protection with real-time intelligence to stay ahead of the ever-changing threat landscape.”

Additional resources:

About Webroot

Webroot delivers endpoint security, network security, threat intelligence services, and security awareness training to protect businesses and individuals around the globe. Our smarter approach harnesses the power of cloud-based collective threat intelligence derived from millions of real-world devices to stop threats in real time and help secure the connected world. Our award-winning SecureAnywhere® endpoint solutions, BrightCloud® Threat Intelligence Services, and FlowScape® solution protect millions of devices across businesses, home users, and the Internet of Things. Webroot is trusted and integrated by market-leading companies, including Cisco, F5 Networks, Aruba Networks, Palo Alto Networks, A10 Networks, and more. Headquartered in Colorado, Webroot operates globally across North America, Europe, and Asia. Discover Smarter Cybersecurity® solutions at

About Us

Webroot delivers next-generation endpoint security and threat intelligence services to protect businesses and individuals around the globe. Our smarter approach harnesses the power of cloud-based collective threat intelligence derived from millions of real-world devices to stop threats in real time and help secure the connected world.