Phishing email creators rely on a short shelf life to beat your defences

Credit: ID 95319058 © Amin Yusifov |

More than 60 percent of phishing exploit kits are active for less than 20 days, according to new figures that highlight cybercriminals’ rapidly-changing tactics and the dominance of phishing attacks on Microsoft, PayPal, Dropbox, and DHL.

An Akamai analysis of 262 days’ worth of security data – part of the firm’s latest State of the Internet report – identified 62 different phishing kits that mimicked the Microsoft brand, with 3897 related domains handling clickthroughs and the associated distribution of malware.

Microsoft’s ubiquity has long made it a popular exploitation method for scammers: a malware downloader recently discovered by Proofpoint and dubbed WhiteShadow, for example, loaded Word and Excel email attachments with Microsoft Office macros that use SQL commands to retrieve and install malware from remote databases.

Some 14 different kits leveraged PayPal during Akamai’s observation period, with Dropbox used by 11 different kits due to its common usage as a conduit for shared files and photographs.

Around 43 percent of observed phishing kits were deactivated within 10 days, the analysis found – highlighting a tactic that, the firm said, reflects cybercriminals’ desire to “keep the kit below the radar”.