Phishing scam lifetime is 24 hours, Kaspersky points out

A third of online phishing threats cease to exist within 24 hours of being launched, meaning their lifespan is very short, according to a recent survey by security company Kaspersky Lab.

The study analyzed 5,307 phishing pages in the period between July 19 and August 2, 2021, and a large part of the analyzed links (1,784) were no longer active after the first day of monitoring.

Because these scams are active for only a very short period of time, detecting and blocking them with security software is difficult, which increases the risk of this type of scam for Internet users, according to the company.

Criminals plan to distribute the scam as quickly as possible after its creation, because it is in the first hours of activation that the scam is most successful.

In addition, with every hour that passes, the chances of fake pages entering anti-phishing databases increase, which reduces the chances of being taken down and, consequently, of claiming more victims.

The first few hours are essential for a successful scam – Image: Rawpixel

Lifetime vs. time to take down phishing

According to Kaspersky experts, the lifespan of a phishing page is directly determined by how long server administrators take to act. That is, the page remains online, affecting users, for as long as these administrators take to identify and remove it.

The same is true even for scams run by cybercriminals who have their own servers on a given domain; in this case, if fraud is suspected, the registry owner can prevent the publication of content on the page.

The analysis shows, for example, that many monitored pages were removed within a few hours of their appearance: within 13 hours of the start of monitoring, a quarter of the fake pages were already offline and half of the sites did not last more than 94 hours.

“The short life cycle of a phishing page represents very well the modus operandi of Brazilian phishers, as fake sites hosted on .BR domains are quickly removed, so much so that for some years now, Brazilian criminals have hosted their sites on foreign domains to make it difficult for them to be found and removed, and to have more time to claim victims”, explains Fabio Assolini, senior security analyst at Kaspersky in Brazil.

Among the techniques used in Brazil, the specialist highlights filtering by geography, by device and by IP. “The first serves to avoid the analysis of security companies that do not have a research team in Brazil. The other techniques serve to target the type of victim that the criminal seeks. For example, if the malware is for mobile, accesses via desktops or laptops will see a 403 error instead of the scam page”, he adds.
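
Because of these filters, a monitor that probes from a single vantage point can record a filtered page as dead when it is still serving its intended victims. The sketch below is an added example, not code from Kaspersky or from this article: it compares probe results across country and device to separate offline pages from filtered ones. The URLs, vantage points and statuses are constructed, and treating only HTTP 200 as "served" is an assumption.

```python
from collections import defaultdict

# Constructed probe results: (url, vantage country, device class, HTTP status).
# None means the connection failed. All values are made up for illustration.
PROBES = [
    ("https://phish-a.example/login", "US", "desktop", 403),
    ("https://phish-a.example/login", "US", "mobile", 403),
    ("https://phish-a.example/login", "BR", "desktop", 403),
    ("https://phish-a.example/login", "BR", "mobile", 200),
    ("https://phish-b.example/bank", "US", "desktop", 404),
    ("https://phish-b.example/bank", "BR", "mobile", None),
    ("https://phish-c.example/pay", "US", "desktop", 200),
    ("https://phish-c.example/pay", "BR", "mobile", 200),
    ("https://phish-d.example/app", "US", "desktop", 403),
    ("https://phish-d.example/app", "US", "mobile", 200),
    ("https://phish-d.example/app", "BR", "desktop", 403),
    ("https://phish-d.example/app", "BR", "mobile", 200),
]

def classify(probes):
    """Return {url: (verdict, filtered_dimensions)} from multi-vantage probes."""
    by_url = defaultdict(list)
    for url, country, device, status in probes:
        by_url[url].append((country, device, status))
    verdicts = {}
    for url, rows in by_url.items():
        served = [(c, d) for c, d, s in rows if s == 200]
        blocked = [(c, d) for c, d, s in rows if s != 200]
        if not served:
            verdicts[url] = ("offline", [])      # no vantage point got the page
        elif not blocked:
            verdicts[url] = ("live", [])         # every vantage point got it
        else:
            dims = []
            # A dimension is filtered when one of its values is never served.
            for name, idx in (("geo", 0), ("device", 1)):
                ok = {p[idx] for p in served}
                if any(p[idx] not in ok for p in blocked):
                    dims.append(name)
            verdicts[url] = ("cloaked", dims)
    return verdicts

def naive_offline(probes, country="US", device="desktop"):
    """URLs a single-vantage monitor would count as dead."""
    return sorted({u for u, c, d, s in probes
                   if (c, d) == (country, device) and s != 200})

if __name__ == "__main__":
    for url, verdict in classify(PROBES).items():
        print(url, verdict)
    print("single-vantage 'offline':", naive_offline(PROBES))
```

With the constructed data, the single-vantage monitor counts three pages as offline, while the multi-vantage comparison shows only one of them is actually unreachable everywhere.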
