In the first half of this year, the number of potential phishing domains increased by 14%, while phishing domains with valid certificates doubled to 1,900, a new study[pdf] by Normshield found. Last year, 8.5% of phishing domains used a valid certificate and this number is expected to grow to 15% this year. These figures confirm that users can no longer assume websites to be safe just because there is a “padlock” icon next to the address bar.
Phishing is an evolving threat that puts virtually any organization at risk, and financial institutions are popular targets in particular. Bob Maley of Normshield says that the evolution of these attacks follows the logic of “OODA — observe, orient, decide, and act.” This war-fighting concept is used by security experts as well, but Maley fears that cybercriminals may be going through the OODA loop faster than infosec professionals.
Read more: Financial Phishing Grows in Volume and Sophistication in First Half of 2019