eBay, Apple, Microsoft, Facebook, and Google were phishers’ top targets in 2020

Phishers also making more use of HTTPS in attacks

Hooks on top of credit cards with a padlock in the background

Phishing attacks increased by 510% from January to February 2020 alone, according to a new report.

The 2021 Webroot BrightCloud Threat Report said these attacks increased significantly in the first few months of 2020, taking advantage of pandemic-induced product shortages and increased use of streaming services.

Related Resource

The definitive guide to IT security

Protecting your MSP and your customers

The definitive guide to IT security for MSPs - whitepaper from LiongardDownload now

Of the brands most targeted for impersonations, eBay topped the list with 31.1% of all phishing attacks in February. Apple, Microsoft, Facebook, and Google made up the rest of the top five. 

Security intelligence director Grayson Milbourne said it’s not uncommon to see phishing campaigns make big shifts in the companies they target based on how people are likely to shop and interact online.

“During the pandemic, people who would have shopped in person at malls and bricks and mortar stores turned to resources like eBay and online retailers. Cybercriminals follow these trends. They took advantage of eBay early in the pandemic and then pivoted, as the year went on, to other trending topics,” he said.

The report found that another trend in phishing URLs is using HTTPS versus HTTP. It found many users have learned to expect their websites to use HTTPS to protect communications, making them less likely to fall for phishing scams using HTTP.

“While switching to use HTTPS requires a bit more effort and expense on the attackers’ part, it’s well worth it, as using the HTTPS protocol gives unsuspecting victims a false sense of security, and the encryption can also prevent many web filtering solutions from identifying and blocking malicious communications,” the report’s authors said.

Throughout all of 2020, around 32% of phishing attempts used HTTPS, but a shocking 54% of phishing sites used HTTPS in December alone. Researchers predicted that most phishing attempts would use HTTPS in 2021.

Despite the rising figures, HTTPS use varies considerably based on the industry the hackers are targeting.

“It’s most heavily used when spoofing cryptocurrency exchanges (70% of the time), ISPs (65%), and gaming (62%). Meanwhile, for other industries, like delivery services and social media, the rates are just over 30%. Education is the lowest sector at 26%,” researchers said.

“Whenever there’s a major event or hot topic in the news, you can bet there will be opportunists on standby somewhere, poised to exploit it,” said David Dufour, vice president of Software Engineering at Webroot.

“The pandemic has been no different, with cyber criminals working overtime to take advantage of individuals and businesses as they transitioned to a mostly online lifestyle. New social engineering tactics, phishing campaigns, record-breaking ransomware pay-outs, and other developments emerged at astonishing rates.

Featured Resources

Shining light on new 'cool' cloud technologies and their drawbacks

IONOS Cloud Up! Summit, Cloud Technology Session with Russell Barley

Watch now

Build mobile and web apps faster

Three proven tips to accelerate modern app development

Free download

Reduce the carbon footprint of IT operations up to 88%

A carbon reduction opportunity

Free Download

Comparing serverless and server-based technologies

Determining the total cost of ownership

Free download

Recommended

Bridging the DevSecOps divide: Spotlight on key relationships
Whitepaper

Bridging the DevSecOps divide: Spotlight on key relationships

3 Dec 2021
Planned Parenthood cyber attack exposes data of 400,000 patients
cyber attacks

Planned Parenthood cyber attack exposes data of 400,000 patients

3 Dec 2021
Bridging the DevSecOps divide: Spotlight on zero trust
Whitepaper

Bridging the DevSecOps divide: Spotlight on zero trust

3 Dec 2021
Bridging the developer and security divide
Whitepaper

Bridging the developer and security divide

3 Dec 2021

Most Popular

What should you really be asking about your remote access software?
Sponsored

What should you really be asking about your remote access software?

17 Nov 2021
How to move Microsoft's Windows 11 from a hard drive to an SSD
Microsoft Windows

How to move Microsoft's Windows 11 from a hard drive to an SSD

24 Nov 2021
Sabbath hackers are targeting US schools and hospitals
ransomware

Sabbath hackers are targeting US schools and hospitals

29 Nov 2021