A new report shows a staggering 34.4% increase in phishing attacks in the last year.

2020 was a bad year to be someone susceptible to phishing attacks, a massive collection of data shows.

Phishing attacks saw a staggering 34.4% increase in activity in 2020 compared to the previous year, according to a new report by Webroot and OpenText. The report, which monitored over 285 million real-world endpoints and sensors, specialized third-party databases, and incorporated intelligence from end users such as Cisco and Citrix, shows the massive rise in phishing attacks launched in the last 12 months.

Breaking down the data month by month shows just how pronounced that increase has been. Between January and February 2020, the proportion of phishing attacks rose 510% alone. Over the course of 2020, the top five targets for phishing attacks were eBay, Apple, Microsoft, Facebook and Google – household names to users and therefore most likely to garner the attention of potential victims.

eBay’s dominance for phishing

The reliance of hackers on breaking into systems and extricating data through online shopping platforms was evident in February: three in every 10 phishing attacks launched that month were impersonating the online auction site.

By March 2020, other household names saw significant surges – likely as the first effects of lockdowns due to the coronavirus pandemic began to affect how we lived.

Phishing activity surged among streaming services YouTube (3,064%), Netflix (525%) and Twitch (337%), according to Webroot.

It all adds up to a concerning rise in the ability to fall victim to hack attacks. Phishing attacks, which spoof popular websites and brands in order to convince us to put in identifying information that can then be leveraged to access more personal data and bank accounts, is an ideal treasure trove of information for potential hackers.

“Gathered from over 285 million real-world endpoints and sensors, and leveraging the extensive BrightCloud network of industry-leading partners, this year’s Threat Report clearly shows how cybercriminals are willing and able to evolve their tactics to exploit collective human interest and current events,” said Prentiss Donohue of OpenText, which co-authored the report.

The need to secure data and devices is key

“The findings underscore the need for users and businesses of all sizes to enact a multi-layered approach to data security and protection given the persistent creativity of cybercriminals,” added Donohue.

How those cyber criminals sought to gain access to data was also monitored as part of the report. Across the whole of 2020, 54% of phishing sites used HTTPS, indicating that they have managed to undermine the purported assurance browsers are meant to feel when they access HTTPS-based websites.

The use of HTTPS was most heavily deployed to mimic cryptocurrency exchanges (70% of the time), ISPs (65%), and gaming (62%).

And once hackers have gained access to personal login details through phishing attacks, they quickly move to secure their ill-gotten access. Vast numbers of devices surveyed by Webroot contained some kind of malware infection, leaving them vulnerable to future attacks, or acting as a staging post for botnet attacks. Japan had the lowest PC infection rate, with 2.3% of devices corrupted somehow. In Europe, home devices were more than three times as likely to encounter an infection as business devices (17.4% versus 5.3%).

It’s not simply computers that are at risk, though. Webroot also analysed mobile devices, discovering that Trojans and malware on Android devices accounted for 96% of all threats detected, up from 2019.

The inability or unwillingness of some Android users to update their phones was the key way hackers found their way in: 90% of Android infections were on devices where the operating system was outdated.