Each month, OpenPhish analyses tens of millions of URLs to identify phishing content. This report breaks down the shifts in targeted brands, industries, and phishing infrastructure. Data for this report is generated using our Phishing Database.
October saw an increase of 38% in phishing volume over September, with the e-Commerce industry seeing a whopping 547% increase in phishing activity. Additionally, phishing URLs impersonating social networking services rose by 32% from the previous month. 65% of phishing URLs used HTTPs, a decline from 77% in September.
| Brand | Industry | Hostnames |
|---|---|---|
| Amazon | e-Commerce | 7636 |
| Social Networking | 2245 | |
| Office365 | Online/Cloud Service | 1268 |
| Social Networking | 992 | |
| Outlook | Online/Cloud Service | 866 |
| Tencent | Online/Cloud Service | 693 |
| Crypto & Wallet | Cryptocurrency | 593 |
| Webmail Providers | Online/Cloud Service | 468 |
| Wells Fargo | Financial | 435 |
| SMBC | Financial | 433 |
In October, we saw an 8x increase in phishing volume targeting Amazon, making it the most impersonated brand for the month. SMBC and Wells Fargo entered the top 10 list after a 3x and 1.5x increase in phishing volume, respectively. IRS and Instagram dropped from the list. Phishing volume targeting various cryptocurrency services increased by 50% month-over-month.
| TLD | Type | % Phishing URLs |
|---|---|---|
| com | gTLD | 36.70% |
| org | gTLD | 6.12% |
| cn | ccTLD | 5.63% |
| shop | gTLD | 4.72% |
| com.cn | ccTLD | 3.99% |
| ru | ccTLD | 3.30% |
| net | gTLD | 3.23% |
| xyz | gTLD | 1.92% |
| app | gTLD | 1.66% |
| com.br | ccTLD | 1.58% |
Threat actors exploited a total of 417 TLDs for phishing content, an increase of 18% in comparison to the previous month. The legacy TLDs .com, .net, and .org accounted for nearly 50% of the phishing URLs. The most commonly abused TLD remains .com
| ASN | ASN Name | Hostnames |
|---|---|---|
| AS13335 | Cloudflare, Inc. | 8674 |
| AS46606 | Unified Layer | 2603 |
| AS8075 | Microsoft Corporation | 1413 |
| AS27647 | Weebly, Inc. | 1061 |
| AS14061 | DigitalOcean, LLC | 1036 |
| AS16509 | Amazon.com, Inc. | 826 |
| AS22612 | Namecheap, Inc. | 825 |
| AS8100 | QuadraNet Enterprises LLC | 804 |
| AS204915 | Hostinger International Limited | 685 |
| AS15169 | Google LLC | 679 |
A total of 1166 ASNs hosted phishing sites, an increase of 16% in comparison to September. Cloudflare saw a 4x increase in the number of unique hostnames. QuadraNet Enterprise has the second-highest growth, with 75%. Phishing content on Amazon dropped by 10% in comparison to the previous month.