Bolster, a deep learning-powered fraud prevention company protecting the world's leading brands from counterfeit activity, today released its Q1 2020 State of Phishing and Online Fraud Report: COVID Edition. Each quarter, the company releases impactful data gleaned from its AI engine, which has analyzed over 1 billion websites to provide an in-depth audit of how phishing and online fraud is affecting enterprises, SMBs, non-profits, and the online consumer community.
Key findings from Bolster’s Q1 2020 State of Phishing and Online Fraud Report:
Exponential growth in phishing and website scams. In Q1 2020, Bolster detected 854,441 confirmed phishing and counterfeit pages and ~4M suspicious pages.
COVID creates a surge. Of the total number of confirmed phishing and counterfeit pages, ~30% were related to COVID-19 — that is over a quarter of a million confirmed malicious websites.
Daily phishing creation soars. Over 3,142 phishing and counterfeit pages went live every day in Jan. with that number increasing to 8,342 in March — due to the COVID-19 pandemic. Over 25,000 pages were created on 3/19 — a record for the quarter.
SaaS, Telecoms, and Finance suffer the most from phishing. SaaS and Telecoms were the industries most impacted by phishing scams, followed by Finance, Retail, and Streaming.
COVID medical scams play on a cure. In the month of March alone, Bolster found 102,676 websites related to medical scams, with 1,092 websites either selling Hydroxychloroquine or spreading misinformation about using it to cure COVID-19.
Stimulus checks and loans brought out the hackers. Bolster found over 145,000 suspicious domain registrations with ‘stimulus check’ in them. The number of websites that claim to offer small business loans jumped 130 percent from February to March. Hackers spun up 60,707 banking websites to attempt to siphon off stimulus funds.
Hackers target remote workers and those quarantined. Collaboration and communication phishing sites saw a 50% increase from January to March, as a large majority of the workforce began working from home. Streaming phishing sites saw an 85% increase from January to March, with over 209 websites being created per day — attempting to capitalize on those looking for entertainment during lockdowns.
COVID gets its own malicious cryptocurrency. Bolster discovered multiple phishing websites peddling fake COVID-19 cryptocurrencies and crypto wallets that aim to siphon data for future phishing, targeted malware, or credential stealing. One COVID-19 cryptocurrency bills itself as “The World’s Fastest Spreading Crypto Currency” and attempts to get visitors to download suspicious files off GitHub. Another site prompts visitors to register to find out more information about a COVID coin that “gains value as more people die and get infected.”
“We anticipate phishing site creation will continue to increase, especially as we proceed further into a COVID-minded world. The phishing lures and tactics of cybercriminals will consistently evolve to keep up with the rapidly changing threat landscape, but the underlying credential theft will not,” said Abhishek Dubey, Co-Founder and CEO, Bolster. “Cybersecurity conscious organizations will need to work together and leverage AI, automation and security training to effectively combat phishing and online fraud during this surge and beyond.”
To view the full report and findings, please visit: www.bolster.ai/reports
Visit Bolster’s COVID-19 Global Online Phishing and Scams Dashboard – a real-time consortium for the cybersecurity community to share and identify data on coronavirus phishing and scams.
Bolster is a deep learning-powered fraud prevention platform protecting the world's leading brands from counterfeit activity. Bolster provides a comprehensive platform to defend brands from online scams and account takeovers through capabilities like real-time phishing detection. These techniques allow organizations across various industries and sectors to increase business revenues as well as customer loyalty and trust. By utilizing artificial intelligence to automate tasks and increase productivity, Bolster has introduced an unprecedented, proactive approach to online customer protection and counterfeit site takedown.
Encouraging organizations also to check and detect potential fraudulent websites and phishing scams, the company created CheckPhish.ai, a free, open-source community tool.
Bolster's team has more than 91 years of combined cybersecurity experience from industry-leading companies, including Cisco, Symantec, McAfee, Bell Labs, and Open DNS. Founded in 2017 and based in Los Altos, California, Bolster has raised $10M in Series A funding led by Thomvest Ventures and Crosslink Capital. For information about Bolster, please visit Bolster.ai and follow us on LinkedIn and Twitter @BolsterAI.