In this month’s cloud security report, we refocus on phishing looking at the length of phishing URLs compared to safe URLs, what day of the week you’re most likely to be phished, and how phishing URLs are analyzed for risk.

On top of the above, we’ve got the usual iOS vs Android users, round up of security news from August and the top leaky apps we’ve seen in our database.

Length of requests made to unsafe domains compared to safe domains

The length of a URL can be a telltale sign of a phishing attack. As you can see from the graph, legitimate URLs typically sit between 20 and 44 characters, anything beyond that is most likely a phishing link. On average, requests made to unsafe domains were 1.8x the length of requests made to safe domains.

Having some visibility of URL length is beneficial in identifying phishing attacks. Spotting suspicious links is problematic on smartphones and tablets where modern browsers truncate URLs for a sleeker design. Users need to apply a greater level of scrutiny when using browsers on mobile devices, particularly given the rise in use of punycode in phishing URLs.

Requests made to phishing domains by day of the week

In last month’s cloud security report, we looked at the time of day of phishing attacks, this month, we naturally looked at the day of the week.

Requests made to phishing domains were largely stable during the week aside from Monday which seems like a quiet day for phishing. Interestingly, Saturday was the day with the highest number of requests made to phishing domains.

At their peak during the weekend, phishing attacks are 6.32% more frequent than during the weekday peak. It reinforces the idea that while employees are away from the office, not in ‘work’ mode, they are more susceptible to phishing attacks on corporate devices due to being in a relaxed state of mind.

Comparing Software-Defined Perimeter (SDP) with Virtual Private Networks (VPN)?

As the market moves toward ZTNA security models, there have been calls to get rid of VPN. But what exactly are the differences between SDP and VPN and how can SDP help businesses achieve Zero Trust security? Our latest whitepaper provides a deep dive into the two technologies.

Read the report

iOS devices are 3.2x more likely to be impacted by leaky applications than Android devices.

Top 5 apps leaking your location

1 | TuneIn Radio
2 | NCP Car Park Finder
3 | Heart Booth – FREE
4 | DBS Lifestyle
5 | Flipboard: Your Social News Magazine

ICYMI: August's Security News Roundup

Analyzing Phishing URLs from Data Science Monthly

Continuing the theme of phishing, our Data Science team compared the average features of safe URLs with phishing URLs. Our threat intelligence engine, MI:RIAM, analyzes the riskiness of a URL against a multitude of factors as summarized in the graph below. The big differences between safe URLs and phishing URLs include:

  • When a brand is being mocked, the URL is 1310x more likely to be a phishing link than safe
  • When a suspicious keyword is being used like account, support, or verify, the URL is 3.9x more likely to be phishing than safe
  • When the subdomain lacks order or predictability that is typically expected in safe domains, it is 4.1x more likely to be phishing than safe
  • When a URL has been constructed unusually e.g., the URL is 2.2x more likely to be phishing than safe
  • When a URL could be composed to deceive a user e.g., it is 3.1x more likely to be phishing than safe
  • URLs with suspicious punycode are 207.5x more likely to be phishing than safe
  • An unusual TLD composition e.g. is 3.7x more likely to be a phishing URL than safe.

These differences may not be obvious to the general internet user, hence the reason why the use of machine learning has become critical in identifying phishing attacks.

We're here to help you

The world of work is being completely reshaped, and remote working has become critical for business continuity. If you need any assistance with your remote working challenges, please get in touch.

Get in Touch