On average, 113,500 phishing wildcards are added to Kaspersky Lab's anti-phishing database monthly this year, an increase of 17.5 percent from last year.
A phishing wildcard is a set of symbols describing a group of links detected by the system as phishing links, said the security solutions provider in a media statement. It added that one wildcard has the ability to detect several thousand active links to phishing pages.
Unlike phishing sites in the past, today's phishing sites operate for only a few hours. Nadezhda Demidova, content analyst at Kaspersky Lab, explained that doing so will make it impossible for the site to earn a bad reputation and enable it to be placed in the anti-phishing databases established by security companies.
Detecting this new type phishing site thus require anti-phishing solutions to carefully monitor the relevance of phishing wildcards stored in the database. For instance, Kaspersky Lab's anti-phishing solution combines a database of phishing wildcards on the endpoint with a constantly updated database in the cloud and heuristic analysis. By doing so, if a URL is not listed in any database, the heuristic module will look for evidence of anything suspicious in both the URL and the HTML content of the website, said the security solution provider.
Besides relying on security solutions, Kasperky Lab advises users to practise good online safety habits to prevent themselves from falling prey to phishing. The habits include entering all addresses into the browser address bar manually, checking if the site uses a secure connection, not clicking links on suspicious sites or those received from untrusted sources via email, and not entering sensitive data while using a public Wi-Fi network.
Sign up for CIO Asia eNewsletters.