Some of the world’s most popular websites are also the most dangerous when it comes to phishing attacks, according to Trust Hacking, a new study by Menlo Security.
Of the top 100,000 sites, as ranked by Alexa, 42% are risky: They use software that leaves them vulnerable to attack or have been compromised, Menlo reports.
And many sites fall prey to one of the three ways that cybercriminals weaponize consumer trust. They take advantage of the fact that:
Menlo identified 80,000 phishing sites in 2017, and found that almost 20% were in “supposedly trustworthy” categories such as News and Media and Training and Tools.
Phishing occurs more often in untrusted categories such as Adult and Pornography. However, the sector that housed the most phishing sites was Business and Economy.
Menlo also found that 4,600 phishing sites used legitimate hosting services.
Here are the categories that satisfied at least one of Menlo’s three ways of weaponizing trust:
However, the following are ranked as known bad sites that were used most often to deliver malware:
The following categories rely on vulnerable software, such as Microsoft’s IIS 5 web server, which the company stopped supporting 12 years ago:
Finally, here are the categories with the worst threat histories last year:
To analyze the risk of the Alexa-listed websites, Menlo “developed a distributed Chrome-based browser farm to load the homepage of each of the Alexa listed websites.”