Web Browser Phishing Has Nearly Tripled Since 2023

by | Feb 25, 2024

According to a study by the Menlo Labs Threat Research team, web browser phishing has increased by 198%. That’s nearly triple what it was in 2023. 30% of those attacks showed evasive techniques, meaning they completely bypassed detection systems designed to stop them. As a result, phishing websites have started appearing as legitimate searches for some people.

What Is a Web Browser Phishing Attack?

A web browser phishing attack is a form of cyberattack that’s aimed at people browsing the internet. These attacks can involve creating fake web pages or exploiting vulnerabilities within legitimate websites to trick users into believing they are interacting with a trustworthy site. The goal is to steal sensitive information like login credentials, credit card numbers, or other personal data.

Hackers Are Abusing SEO To Build Web Search Trust

Search engine optimization (SEO) is a method of optimizing content and web pages to be more search friendly. It’s a technique to draw website traffic and help people who search specific topics or phrases to be guided to websites that best answer their questions. Search engines usually prevent malicious websites from getting traffic, even if they exploit SEO.

Unfortunately, cybercriminals are abusing SEO by making “sleeper” websites that may be legitimate early on to build website trust and authority. While we won’t deep dive into how that works, what it does is trick search engines into thinking it’s an honest website. Eventually, they enable their phishing scam while using search rankings to trick their traffic. We showed a similar example of this last year, where a domain abused some of these tactics to rank higher than the real website for specific target regions.

Unsecure Browser-Trusted Websites Are Being Hacked

In other cases, hackers are taking control of legitimate websites that are outdated or may lack more advanced security measures. Rather than developing fake trust with SEO, they take over one that users and search engines already trust. In many cases, these are inactive websites that are primarily maintained but aren’t regularly updated or monitored. Regardless of which direction they go, they primarily target off-the-radar websites in specific markets.

AI Text Generation Makes Phishing More Convincing

AI text generation can make surprisingly convincing and solidly written content. There are a lot of flaws to it, which we won’t get into here, that still make it imperfect. However, the average person is unlikely to notice when something is written by AI when prompted well. If someone uses a search engine in their web browser and clicks on a helpful website that answers their question, it establishes trust. Abusing that faith in the website is what makes phishing attacks much more effective.

Why Web Browser Phishing Attacks Are Increasing

Having nearly tripled since 2023, the reason web browser phishing attacks are increasing is simple: they’re working. Companies like Google block over 100 million phishing emails daily, pressuring cybercriminals to look into other tactics. Much like a business, hackers focus their time and resources on tactics that give the most money in return while being mindful of risk. If they see worthwhile success, they’ll continue to hijack web browsers and search results.

Phishing Is Just the First Step in Cybercrime

While losing sensitive information in a phishing attack is never good, it’s only the first step. The real damage comes from how that stolen data is used. Stolen login credentials can give access to personal or work accounts, which can snowball into more problems. Credit card information can be taken and used to make purchases until it gets flagged by the bank. The data is also commonly resold, meaning users should assume that anyone can view it once data is stolen.

How To Protect Yourself From Web Browser Phishing

With web browser phishing multiplying and phishing attempts looking surprisingly convincing, staying safe is trickier than ever. Any time you visit a website, it’s worth being mindful of a few things:

  • Be careful which websites you enter credit card details on. All it takes is some billing information, and your credit card can be used to make fraudulent purchases.
  • Make sure the websites you interact with are connected to a well-established business. Many companies have a social media presence where you can confirm web links.
  • Use unique passwords for all your accounts. That way, if one set of login credentials are stolen, it won’t give them access to other accounts that share the same email address.
  • Keep your security software and web browser regularly updated. Many cyberattacks use recently discovered exploits to target those who update less often.
  • Add an extra security layer to your accounts, such as multi-factor authentication (MFA). That can help prevent unauthorized logins even if the credentials are stolen.

At the end of the day, using good cybersecurity habits is your best way to stay safer. Cyberattacks can come in any shape, size, or direction. Web browser phishing attacks are the latest trend, and as we figure out ways to counter this threat, something entirely different may appear next. That’s why we always recommend reading IT blogs and watching social media to stay a step ahead of any new threats.

Get IT Support