The lifespan of most phishing pages is as brief as that of an adult mayfly, according to new research by cybersecurity company Kaspersky.
Between July 19 and August 2, 2021, researchers analyzed 5,307 examples of phishing pages. They found that within 13 hours of monitoring commencing, a quarter of all pages had become inactive.
A sizable chunk of links (1,784) ceased functioning after the first day of monitoring, and half of the phishing pages included in the study survived no more than 94 hours.
Researchers emphasized the importance of repelling spam attacks with fraudulent links within the first few hours, when the potency of a phishing page is at its highest.
"It is important for users to remember that when they receive a link and have doubts about the legitimacy of the site, we recommend they wait for a few hours," said Egor Bubnov, security researcher at Kaspersky.
"During that time, not only will the likelihood of getting the link in the anti-phishing databases increase, but the phishing page itself can stop its activity."
Explaining why the lifecycle of phishing pages is so fleeting, researchers wrote: "With every hour of life of a new site, it appears in more anti-phishing databases, which means that fewer potential victims will visit it."
What determines the lifespan of a page is how long it takes for site administrators to detect the threat and remove it.
"Even if phishers have deployed their own server on a purchased domain, if they are suspected of fraudulent activity, the registrars may deprive the phishers of the right to host the data on it," noted researchers.
When a phisher's page is identified by site administrators, the cyber-criminal typically prefers to create a new page instead of modifying an existing one.
"In addition, very rarely phishers may change the page in order to avoid being blocked," wrote researchers. "For example, if phishers use a brand as bait, they might alter it to another one. However, most pages are simply blocked by the time phishers decide to change the form of activity."