Trusted Sites Often Deliver Phishing Attacks: Study

Some of the world’s most popular websites are also the most dangerous when in comes to phishing attacks, according to Trust Hacking, a new study by Menlo Security.

Of the top 100,000 sites, as ranked by Alexa, 42% are risky: They use software that leaves them vulnerable to attack or have been compromised, Menlo reports.

And many sites fall prey to one of the three ways that cybercriminals weaponize consumer trust. They take advantage of the fact that:

  1. Trusted websites may not be as safe as you think
  2. Phishing sites leverage new tricks to win your trust
  3. Typosquatting lives on

Menlo identified 80,000 phishing sites in 2017, and found that almost 20% were in “supposedly trustworthy” categories such as News and Media and Training and Tools. 

Phishing occurs more often in untrusted categories such as Adult and Pornography. However, the sector that housed the most phishing sites was Business and Economy.

advertisement

advertisement

Menlo also found that 4,600 phishing sites used legitimate hosting services.

Here are the categories that satisfied at least one of Menlo’s three ways of weaponizing trust:  

  • News and media — 49%
  • Entertainment and arts — 45% 
  • Travel — 41%
  • Personal sites and blogs — 40% 
  • Shopping — 38%
  • Computer and internet info — 38%

However, the following are ranked as known bad sites that were used most often to delver malware:

  • Adult and pornography
  • Uncategorized
  • Parked sites
  • Business and economy
  • Shopping
  • Gambling
  • Society 
  • Personal Sites and blogs
  • Entertainment and Arts
  • News and media 

The following categories that rely on vulnerable software, such as Microsoft's IIS S web server that the company topped supporting 12 years.

  • Business and economy
  • Society
  • Personal sites and blogs
  • News and media
  • Adult and pornography
  • Entertainment and arts
  • Shopping 
  • Computer and internet info
  • Travel 
  • Educational institutions

Finally, here are the categories with the worst threat histories last year: 

  • Business and economy
  • Society 
  • Shopping
  • Computer and internet info 
  • News and media
  • Personal sites and blogs
  • Entertainment
  • Travel 
  • Adult and pornography 
  • Sports 

To analyze the risk of the Alexa-listed websites, Menlo “developed a distributed Chrome-based browser farm to load the homepage of each of the Alexa listed websites.” 

Next story loading loading..