The number of phishing resources is growing significantly due to cheap ready-made solutions

In January-February, more than 40 thousand phishing resources were identified on the RuNet; at the end of 2023, their number increased almost one and a half times and tripled compared to 2021. One way or another, “copying” affected 70–90% of large Russian companies and banks, cybersecurity experts estimate. Experts attribute the trend to the reduction in cost and simplification of the technology for creating fraudulent sites, as well as “improving attack methods.” In their opinion, to increase the effectiveness of the fight against phishing, it is necessary to speed up the processes of blocking and separating them.

The number of phishing resources identified last year increased by 48%, to 212 thousand, according to BI.ZONE data. In 2022, it detected 111 thousand such sites, and in 2021 – 70 thousand. In January and February 2024 alone, 41 thousand fraudulent resources were identified. BI.ZONE data is based on monitoring phishing search systems in more than 1,100 domain zones.

A significant increase in the number of identified phishing sites is confirmed by data from the Integral Research Institute, the operator of the Anti-Phishing system of the Ministry of Digital Development. The institute’s information and analytical report for 2023 states that the system identified 355 thousand resources – 70% more than a year earlier. Of these, 40 thousand are directly phishing. Data for 2022 is not presented in the report. The Ministry of Digital Development did not respond to the request.

Integral associates the trend with scammers using ready-made solutions to create phishing resources, which reduces their cost. In addition, the research institute says, the system “expanded its monitoring coverage” and improved methods for searching for fraudulent sites, which increased the number of resources detected.

According to BI.ZONE data for February, scammers created phishing resources in which they used the name or identity of 70% of the largest Russian companies by net profit for 2023 and 90% of the most popular banks. “Organizations are not responsible for the unlawful use of their brand, as well as for the damage caused as a result,” clarifies the head of BI.ZONE Brand Protection Dmitry Kiryushkin.

In 2023, the number of phishing resources exploited by Russian brands grew by 32%, exceeding 29 thousand, says Ivan Lebedev, head of the phishing protection group at FACCT: “Today, in a few clicks, criminals can create a phishing page and massively distribute a link to it via social networks or instant messengers.” Simplifying the technology “lowers the barrier to entry” for new scammers.

According to the head of the security analysis department at MTS Bank, Sofia Bocharova, to improve the detection of phishing sites and emails, it is necessary to “introduce artificial intelligence technologies, introduce biometric identification and educate users.” Pavel Kovalenko, director of the Informzashita anti-fraud center, agrees with her. He confirms that, despite the work of the Anti-Phishing system, the number of Russian companies “copied” by scammers is growing: “The ineffectiveness of the system may be associated with the constant improvement of attack methods.”

Integral emphasizes that the main issue in the fight against phishing resources remains speeding up decisions to block or separate them (that is, turning off domain names), as well as improving the legislative framework. However, the situation is complicated by the migration of scammers abroad. “In 2023, we observed a mass exodus of phishing sites from Russian hosting providers to servers in the Netherlands and the United States. The share of fraudulent resources that were hosted by hosters in the Russian Federation decreased from 73% to 41%,” explains Ivan Lebedev. In his opinion, this is due to the successful detection and blocking of fraudulent sites by “competent organizations and regulators.”

Alexey Zhabin, Yulia Poslavskaya