More than 20% of the sites used for phishing are not detected by current blacklists as malicious, even days after the start of an attack, according to new research published by internet-services firm Akamai.
The result is that at least 2.4 million visitors to those websites have encountered a potentially malicious attack in a four-month period starting last October, including a spike around Black Friday of nearly 400,000 victims, Akamai concluded. The phishing pages mimicked the legitimate sites of more than 20 different brands using graphics and resources stolen from those sites, the company said.
That the infrastructure of a fifth of phishing attacks is not detected for some time underscores the dangers that phishing continues to pose, says Or Katz, a security researcher at Akamai.
Read more: Dark Reading