In the December 2024 survey we received responses from 1,149,724,280 sites across 272,582,582 domains and 13,260,653 web-facing computers. This reflects an increase of 8.6 million sites, 550,526 domains, and 146,420 web-facing computers. nginx experienced the largest gain of 6.4 million…
Tag: Netcraft
How to Prevent Phishing Attacks
Contents How to Prevent Phishing Attacks How do these phishing attacks work? What’s the impact of these phishing attacks? Loss of Customer Trust Brand Reputation Damage Financial and Legal Ramifications Increased Customer Service Burden Why are so few organizations responding…
October 2024 Web Server Survey
In the October 2024 survey we received responses from 1,131,068,688 sites across 271,754,817 domains and 13,003,235 web-facing computers. This reflects an increase of 12.0 million sites, 971,957 domains, and 62,565 web-facing computers. OpenResty experienced the largest gain of 2.2 million…
Every Doggo Has Its Day: Unleashing the Xiū Gǒu Phishing Kit
Key data This article explores Netcraft’s research into Xiū gǒu (修狗), a phishing kit in use since at least September 2024 to deploy phishing campaigns targeting the US and UK, Spain, Australia, and Japan. Insights include: A branded mascot and…
Hook’d: How HookBot Malware Impersonates Known Brands to Steal Customer Data
Key data This article explores Netcraft’s research into the HookBot malware family and associated attacks on Android devices, including examples of: Typical HookBot behaviors, such as the use of overlay attacks The types of brands and apps being impersonated How…
Face Off: US Election Debate Sparks New Wave of Crypto-Doubling Scams
In the wake of the second US presidential election debate between Democrat Kamala Harris and Republican Donald Trump (September 10), Netcraft identified a series of crypto investment scams monopolizing on the publicity around this key event. Our research uncovered 24…
Problems in the Parking Lot: Threat Actors Use IRL Quishing to Target Travelers
This article explores Netcraft’s research into the recent surge in QR code parking scams in the UK and around the globe. Insights include: At least two threat groups identified, one of which Netcraft can link to customs tax and postal…
September 2024 Web Server Survey
In the September 2024 survey we received responses from 1,119,023,272 sites across 270,782,860 domains and 12,940,670 web-facing computers. This reflects an increase of 11.2 million sites, 717,065 domains, and 70,346 web-facing computers. Cloudflare experienced the largest increase of 3.1 million…
Scam Sites at Scale: LLMs Fueling a GenAI Criminal Revolution
This article explores Netcraft’s research into the use of generative artificial intelligence (GenAI) to create text for fraudulent websites in 2024. Insights include: A 3.95x increase in websites with AI-generated text observed between March and August 2024, with a 5.2x…
August 2024 Web Server Survey
In the August 2024 survey we received responses from 1,107,785,375 sites across 270,065,795 domains and 13,011,016 web-facing computers. This reflects an increase of 3.6 million sites, a loss of 364,061 domains, and an increase of 119,600 web-facing computers. Cloudflare experienced…
Mule-as-a-Service Infrastructure Exposed
New Threat Intelligence confirms connections underpinning pig butchering and investment scams Much like companies in the legitimate economy, criminals also specialize: focusing on their core strengths and using third-party Software-as-a-Service platforms and tools to outsource the rest of the business…
July 2024 Web Server Survey
In the July 2024 survey we received responses from 1,104,170,084 sites across 270,429,856 domains and 12,891,416 web-facing computers. This reflects an increase of 2.7 million sites, 1.3 million domains, and 25,984 web-facing computers. Cloudflare experienced the largest gain of 2.7…
Sophisticated AI-generated Gitbook lures phishing the crypto industry
For the past year, Netcraft researchers have been tracking a threat actor using generative AI to assist in the creation of 17,000+ phishing and lure sites. These sites operate as infrastructure for phishing attacks that target more than 30 major…
Two clicks from empty – IPFS-powered crypto drainer scams leveraging look-alike CDNs
More than $40k lost to crypto drainer scams leveraging IPFS and malicious code hidden behind look-alike CDN imitations. At Netcraft, we’ve been disrupting cryptocurrency-based scams for over 10 years, including more than 15,000 IPFS phishing takedowns since 2016. As we closely…
Two clicks from empty – IFPS-powered crypto drainer scams leveraging look-alike CDNs
More than $40k lost to crypto drainer scams leveraging IPFS and malicious code hidden behind look-alike CDN imitations. At Netcraft, we’ve been disrupting cryptocurrency-based scams for over 10 years, including more than 15,000 IPFS phishing takedowns since 2016. As we closely…
June 2024 Web Server Survey
In the June 2024 survey we received responses from 1,101,431,853 sites across 269,118,919 domains and 12,865,432 web-facing computers. This reflects an increase of 4.0 million sites, an increase of 981,220 domains, and a decrease of 33,027 web-facing computers. OpenResty experienced…
Too good to be true: Beware the temptation of recovery scams
Being a victim of fraud can be devastating enough, but that’s not always the end of the story. Often, fraud victims can be targeted again – only this time by people claiming that they can recover the victim’s initial losses. …
Trumped Up Crypto Scams – Criminals Deploy Trump Donation Scams
Criminals are opportunists, ready to exploit any perceived weakness, from humanitarian efforts to presidential campaigns. Recently, Netcraft has been monitoring a series of attacks surrounding the Trump campaign, particularly following two developments: the May 21st announcement of crypto donations and…
Flipping the script on pig butchering – $45 million is just the tip of the iceberg
Losses to investment scams, romance fraud, and pig butchering reached $4.6 billion in the United States, a 38% increase in 2023. These scams often play out in private peer-to-peer conversations between victim and criminal, well beyond the reach of typical…
Surge in fake pharmacy campaigns abusing Firebase link shortener
Fake pharmacies sell prescription-only drugs without a license and without requiring a valid prescription from a doctor. The storefronts are advertised to consumers through web searches, social media, and unsolicited spam emails. As you might expect, many of these platforms…
May 2024 Web Server Survey
In the May 2024 survey we received responses from 1,097,398,145 sites across 268,137,699 domains and 12,898,459 web-facing computers. This reflects an increase of 4.4 million sites, 202,938 domains, and 26,168 web-facing computers. Cloudflare experienced the largest gain of 4.4 million…
Netcraft Announces New AI-Powered Innovations to Disrupt and Expose Criminal Financial Infrastructure
Netcraft, the global leader in digital risk protection and threat intelligence, announced its new Conversational Scam Intelligence platform at RSAC in San Francisco, which builds on Netcraft’s intentional approach to using AI to stay ahead of criminals and protect client…
RSA Conference 2024 – Where it all started and where to find our team
On Monday 6th May, Netcraft will be heading to San Francisco along with thousands of other cyber security professionals for RSA Conference 2024. If you’re attending too, we thought we’d share a few insights into how it all started. Use…
April 2024 Web Server Survey
In the April 2024 survey we received responses from 1,092,963,063 sites across 267,934,761 domains and 12,872,291 web-facing computers. This reflects a gain of 2.8 million sites, a loss of 3.9 million domains, and a gain of 244,716 web-facing computers. OpenResty…
Autodesk hosting PDF files used in Microsoft phishing attacks
Autodesk is hosting malicious PDF files that lead phishing attack victims to have their Microsoft login credentials stolen. The elaborate phishing campaign behind these attacks is much more convincing than normal, as it uses compromised email accounts to find and…
The AI Gold Rush: ChatGPT and OpenAI targeted in AI-themed investment scams
Investment scams and AI – a match made in heaven? Online investment scams are a big money spinner for criminals, accounting for $4.6B of losses in the US. With the explosion of interest in artificial intelligence (AI) following the…
UN? FBI? World Bank? Deepfake police chief used for compensation scam video
Advance fee fraud campaigns are using generative AI in both text and video to speed up responses, evade filters, and make scams more convincing. Large Language Models and other forms of Generative AI (GenAI) promise to make many people more…
Out of the shadows – ’darcula’ iMessage and RCS smishing attacks target USPS and global postal services
Chinese-language Phishing-as-a-Service platform ‘darcula’ targets organizations in 100+ countries with sophisticated techniques using more than 20,000 phishing domains ‘darcula’ [sic] is a new, sophisticated Phishing-as-a-Service (PhaaS) platform used on more than 20,000 phishing domains that provide cyber criminals with easy…
March 2024 Web Server Survey
In the March 2024 survey we received responses from 1,090,117,902 sites across 271,804,260 domains and 12,627,575 web-facing computers. This reflects an increase of 3.2 million sites, 662,534 domains, and 138,322 web-facing computers. OpenResty experienced the largest gain of 3.0 million…
Cloudflare loses 22% of its domains in Freenom .tk shutdown
A staggering 12.6 million domains on TLDs controlled by Freenom (.tk, .cf and .gq) have been shut down and no longer resolve, leading to a significant reduction in the number of websites hosted by Cloudflare. The disappearance of these websites…
Online investment scams: Inside a fake trading platform
Online investment scams are a global, growing, and uniquely pernicious threat. In newly released data, the Federal Trade Commission attributed more than $4.6 billion of US fraud losses in 2023 to investment scams, more than any other fraud category, and…
What Apple is afraid of — pre-DMA alternative iOS app stores are already riddled with malware
Ahead of the EU’s Digital Market Act forcing Apple’s hand to permit alternative app download options, is the amount of malware in the existing grey-market for sideloading iPhone apps a portent for things to come? Or has Apple’s approach, despite…
February 2024 Web Server Survey
In the February 2024 survey we received responses from 1,086,916,398 sites across 271,141,726 domains and 12,489,253 web-facing computers. This reflects an increase of 7.8 million sites, 694,270 domains, and 151,543 web-facing computers. OpenResty made the largest gain of 4.7 million…
Phishception – SendGrid is abused to host phishing attacks impersonating itself
Netcraft has recently observed that criminals abused SendGrid’s services to launch a phishing campaign impersonating SendGrid itself. The well-known provider, now owned by Twillio, makes sending emails at scale simple and flexible. In addition to scale, the promise of high…
PHP-less phishing kits that can run on any website
Criminals can now deploy phishing sites on any type of web server, even when commonly used server-side technologies such as PHP are not supported. Phishing kits are predominantly implemented in PHP, as this provides the server-side functionality required to store…
January 2024 Web Server Survey
In the January 2024 survey we received responses from 1,079,154,539 sites across 270,447,456 domains and 12,337,710 web-facing computers. This reflects a loss of 8.9 million sites, a gain of 1.2 million domains, and a loss of 17,900 web-facing computers. nginx…
New Year, New Scams – Health product scam campaigns abusing cheap TLDs
In recent months, we’ve noticed an increased number of high-volume health product campaigns that exploit cheap top-level domains (TLDs), reaching up to 60% of a TLD’s daily domain registrations. This blog looks at current trends around health product scams and…
“Quishing” you a Happy Holiday Season
QR Code phishing scams — What they are and how to avoid them. Originally invented to keep track of car parts in the early 90s, QR codes have been around for decades. After gaining broader acceptance during the COVID-19 pandemic,…
December 2023 Web Server Survey
In the December 2023 survey we received responses from 1,088,057,023 sites across 269,268,434 domains and 12,355,610 web-facing computers. This reflects a loss of 4.1 million sites, an increase of 238,593 domains, and a loss of 128,028 web-facing computers. nginx experienced…
It’s not cricket! Sri Lanka and Bangladesh co-host phishing attack
Sri Lanka and Bangladesh have a successful history of co-hosting the Cricket World Cup, but today the two countries’ governments have found themselves on a sticky wicket by co-hosting a phishing attack that targets UK banking customers. Victims lured to…
.zip TLD: six months on, and still rollin’
It has been six months since Netcraft first reported on abuse of the new .zip TLD, outlining the fraudulent activity we detected and blocked. Within weeks of its launch, Netcraft had detected many fresh .zip domain registrations designed to exploit…
November 2023 Web Server Survey
In the November 2023 survey we received responses from 1,092,141,942 sites across 269,029,841 domains and 12,483,638 web-facing computers. This reflects a loss of 1.2 million sites, a gain of 1.1 million domains, and a gain of 112,102 web-facing computers. OpenResty…
Fake Online Stores See A 135% Spike As Black Friday And Holiday Shopping Approaches
As Black Friday (and Cyber Monday) approaches, the annual online sales phenomenon shows no sign of slowing down, and neither do cybercriminals looking to take advantage of the busiest shopping days of the year. The kick-off to holiday shopping, much…
Disrupting IPFS phishing attacks
The InterPlanetary File System (IPFS) is a content-addressed peer-to-peer file sharing network from Protocol Labs being exploited by cybercriminals to host phishing sites and other malicious content. Often associated with the web 3.0 movement, it allows its users to upload,…
The rise of .ai: cyber criminals (and Anguilla) look to profit
Given the global interest in artificial intelligence (AI), it comes as no surprise that cybercriminals are looking to exploit the media hype. 2023 has seen a rapid increase in AI-themed attacks, following the release of Large Language Model (LLM)-powered chatbot…
October 2023 Web Server Survey
In the October 2023 survey we received responses from 1,093,294,946 sites across 267,962,271 domains and 12,371,536 web-facing computers. This reflects an increase of 8.3 million sites, 13.2 million domains, and 96,682 web-facing computers. The largest gains this month came from…
September 2023 Web Server Survey
In the September 2023 survey we received responses from 1,085,035,470 sites across 254,776,456 domains and 12,274,854 web-facing computers. This reflects a loss of 8.7 million sites and 682,961 domains, but a gain of 112,383 web-facing computers. OpenResty saw a large…
Phone scams conducted using PayPal’s own invoicing service
Phishing attacks often start with an email or text message that links to a malicious web site designed to steal sensitive information. However, some instead direct recipients to call a phone number. Despite claiming to belong to a legitimate organization these…
Netcraft Acquires FraudWatch to Cement Leadership in Cybercrime Detection & Takedown; Delivers Online Brand Protection at Scale Supported by 24/7 Security Operations Center
Netcraft, global leader in cybercrime detection, disruption, and takedowns, announced today the acquisition of FraudWatch, a leading Australian online brand protection provider focused on phishing, social media, brand infringement, and fake mobile apps. This article has been indexed from Netcraft…
August 2023 Web Server Survey
In the August 2023 survey we received responses from 1,093,748,332 sites across 255,459,417 domains and 12,162,471 web-facing computers. This reflects a loss of 7.5 million sites and 259,924 domains, and a gain of 36,515 web-facing computers. OpenResty had the largest…
Impact of Freenom halting registrations on cybercrime
Freenom, which offers free domain names in .tk and several other ccTLDs, is being sued by Meta for ignoring abuse complaints. Freenom subsequently paused new domain registrations in March 2023. This article has been indexed from Netcraft Read the original…
July 2023 Web Server Survey
In the July 2023 survey we received responses from 1,101,218,364 sites across 255,719,341 domains and 12,125,956 web-facing computers. This reflects a loss of 5.5 million sites, but a gain of 231,918 domains and 19,453 web-facing computers. Google saw the largest…
Netcraft Secures First Funding with Over $100M from Spectrum Equity; Names Experienced Technology Executive Ryan Woodley as New CEO
Netcraft, the global leader in cybercrime detection, disruption, and takedowns announced today that the company has raised over $100M from Spectrum Equity. This article has been indexed from Netcraft Read the original article: Netcraft Secures First Funding with Over $100M…
June 2023 Web Server Survey
In the June 2023 survey we received responses from 1,106,671,903 sites across 255,487,423 domains and 12,106,503 web-facing computers. This reflects a loss of 2.7 million … Read More This article has been indexed from Netcraft Read the original article: June…
Case Study: Global bank with >$1 trillion in assets under management
How a global bank uses Netcraft’s detection and disruption services to perform takedowns on thousands of phishing attacks each year with a 100% success rate. … Read More This article has been indexed from Netcraft Read the original article: Case…