"The phishing lures and tactics of cybercriminals will consistently evolve to keep up with the rapidly changing threat landscape, but the underlying credential theft will not."
Abhishek Dubey, Bolster CEO and Co-Founder
Bolster, the AI powered fraud prevention company that protects some of the largest Fortune 500 companies from counterfeit activity, has just released its Q1 2020 State of Phishing and Online Fraud Report: COVID Edition.
This new report contains data obtained using Bolster’s AI engine which has analyzed over 1 billion websites to provide an in-depth audit of how phishing and online fraud is affecting enterprises, SMBs, non-profits, and the online consumer community.
The report shows that, in Q1 2020, Bolster detected 854,441 confirmed phishing and counterfeit pages and 4 million suspicious pages with SaaS, Telecoms, Finance, Retail, and Streaming being the most affected industries.
Bolster is a deep learning-powered fraud prevention company founded in 2017 and based in Los Altos, California. Their technology defends brands from online scams and account takeovers through capabilities like real-time phishing detection. By utilizing AI to automate tasks and increase productivity, Bolster have introduced an unprecedented approach to counterfeit site takedown.
The biggest change reported in Q1 has been the surge in the phishing and counterfeit pages related to COVID-19. 3,000 phishing and counterfeit pages went live every day in January 2020 with that number soaring to over 8,000 in March 2020.
Bolster found over 100,000 websites related to COVD-19 medical scams and 150,000 suspicious domain registrations related to stimulus checks and loans. The number of websites that claim to offer small business loans jumped 130 percent from February to March. There were also over 60,000 fraudulent banking websites created to attempt to siphon off stimulus funds.
Quarantined workers were also targeted. Bolster saw a 50% increase in phishing websites as a large majority of the workforce began working from home. Streaming phishing sites saw an 85% increase from January to March, with over 209 websites being created every day.
Bolster’s deep learning-powered fraud prevention platform also discovered multiple phishing websites offering fake COVID-19 cryptocurrencies and crypto wallets that aim to siphon data for future phishing, targeted malware, or credential stealing. One morbid example attempted to offer a ‘COVID coin’ that gains value as more people die.
"We anticipate phishing site creation will continue to increase, especially as we proceed further into a COVID-minded world. The phishing lures and tactics of cybercriminals will consistently evolve to keep up with the rapidly changing threat landscape, but the underlying credential theft will not." says Abhishek Dubey, Co-Founder and CEO of Bolster.
“Phishing and scamming go where the people go.” adds Jason Alafgani, Bolster’s Director of Marketing. “Whether for their jobs or for entertainment, people flocked to online technologies during this COVID crisis and the scammers capitalized on the elevated interest. There are many more people interacting online in unfamiliar ways. The more people online, the more opportunities to scam. The more unfamiliar the processes, the easier it is for a scam to slip through.”
The distribution of phishing websites occurs across all popular digital mediums including web search, advertising, email, social media, and messaging apps. Whilst education can prevent potential victims from visiting these websites and entering their own credentials, technology - such as Bolster’s – can help remove the threat from ever reaching the victim in the first place.
"Cybersecurity conscious organizations will need to work together and leverage AI, automation and security training to effectively combat phishing and online fraud during this surge and beyond." explains Abhishek Dubey.
“Past solutions have been overly reliant upon human oversight or reactive blacklists. Our AI engine analyzes the content of the page, similar to how a person might spot a scam. Our engine uses computer vision and NLP to look at images and read text on the page. This enables our engine to detect, verify and takedown a fraudulent page without any human intervention - in as little as 2 minutes.” adds Jason Alafgani.
The statistics contained in Bolster’s report will perhaps come as a surprise to those outside of the industry. We have heard about so many scams over recent years that you’d think people would generally be more savvy and suspicious - Bolster’s report clearly demonstrates otherwise. We asked them about how they felt about the impact that their technology is making:
“We’re proud of our platform's ability to make a publicly demonstrable difference in the business fraud and phishing problem. We think about delivering customer value in terms of where they started on the most-phished companies list and where are they now. Many of our customers were among the top phished in the world and then dropped out of the lists entirely” concluded Jason Alafgani.
Online scams have the potential to impact any one of us and, at least in the short term, it seems inevitable that scam websites will continue to increase in number. All businesses therefore need to tackle that growth both through education and with automated real-time solutions. Bolster plan to continue to develop their technology further in their aim to help more companies through delivering the best solution on the market.
To view the full report and findings, please visit: www.bolster.ai/reports
You can also visit Bolster’s COVID-19 Global Online Phishing and Scams Dashboard – a real-time consortium for the cybersecurity community to share and identify data on coronavirus phishing and scams.