Let’s start with a small trip down memory lane. Back in 2018, only half of all phishing sites spent money to purchase a security certificate so their site displayed a padlock, an icon used in the web browser’s search bar to determine a website’s legitimacy, according to Krebs on Security. That was nearly 5 years ago. Now there are numerous phishing-as-a-service platforms where thieves need only a credit card or Bitcoins to subscribe to various levels of subscriptions.
How popular is phishing as a source of revenue for cybercriminals? Check out this startling market growth:
Source: Phishing Activity Trends –APWG report
The market has experienced such growth that the idea of being a small company or not valuable enough is no longer true as evidenced by the scale of observed attacks in this chart:
Yes, there are eight zeros in these numbers!
Source: Zscaler ThreatLabz 2023 Phishing Report
The bottom line is that this market is very valuable and continues to generate profits. What we need to do, to protect ourselves, is make our environments more secure. Training only goes so far and the need for refresher exercises is much more than once a year. Multi-factor authentication helps, and you need it for all users.
Partnering with a team like Lead I.T. that is actively testing new security measures and watching your business for attacks is another way to increase security. By staying current on the latest types of phishing attacks, and employing up-to-the-minute mitigation packages for a range of clients across a variety of industries and workforce environments, you can leverage fewer internal resources to address this troubling growing market trend. We are here to help.
Watch for more details on this subject as these thieves are not going to walk away from this growing market.