One third of ‘phishing’ websites usually disappear within 24 hours

A report by Kaspersky claims that around one-third of ‘phishing’ websites have a lifespan of only 24 hours

A report by internet security firm Kaspersky, titled “Life cycle of phishing pages”, has concluded that half of the fake websites cybercriminals use in their ‘phishing’ schemes, have a life cycle of fewer than four days, and a third of them do not even last for the first 24 hours.
Phishing is a cybercriminal tactic that consists of impersonating a trusted entity and tricking the victim into providing their login credentials or other sensitive information. Banks, for example, are very commonly used in phishing campaigns for obvious reasons.
Cybercriminals usually initiate contact through a fake email, from which they redirect the victim to the fake website. Other variants of ‘phishing’ initiate contact via an SMS, known as ‘smishing’, or by a phone call, commonly called ‘vishing’.
Compiled by Kaspersky security researchers Egor Bubnov and Mikhail Sytnik, the report analysed 5,307 known fake websites. The end result reveals how quickly these websites are born and die, in order to escape “antiphishing” detection engines, and to subsequently avoid being indexed as what they really are.
Of the 5,307 websites monitored by Kaspersky for a month, 33 per cent (1,784) had disappeared before the end of their first day of detection. After 48 hours, the percentage increased to 42 per cent (2,238), 46 per cent (2,481) after 72 hours, and 50 per cent (2,654) by the end of the fourth day.
At the end of the thirty-day period, only 28 per cent of the fake websites remained accessible.
In most cases, fraudulent websites do not experience any changes before their removal, but when they do, they can be of two types. Cybercriminals might modify the company whose brand is used as a lure, indicating a change in target.
Alternatively, they can make changes to the code of the page, in order to prevent it from being blocked by browsers and search engines, after being detected as a fraudulent website. As Bubnov and Sytnik explain, “Any small change modifies the entire page’s hash value, which antiphishing engines use to identify similar pages”.
Analyzing the behavior of ‘phishing’ websites, the authors of the report recommend being cautious, and suggest waiting in the event of coming across a suspicious link, and checking if it is still active after a few hours, as reported by


Thank you for reading, and don’t forget to check The Euro Weekly News for all your up-to-date local and international news stories, and remember, you can also follow us on Facebook and Instagram.

Written by

Chris King

Originally from Wales, Chris spent years on the Costa del Sol before moving to the Algarve where he is a web reporter for The Euro Weekly News covering international and Spanish national news. Got a news story you want to share? Then get in touch at


    • david harris

      13 December 2021 • 15:37

      Hopefully the cowardly Scum get caught and serve Hard time.

    Comments are closed.