Financial institutions and digital transaction brands continue as favorite targets of phishing campaigns according to a third-quarter phishing trend report from San Francisco-based digital threat management solutions provide RiskIQ.
In a follow-up to its Q3 mobile threat landscape report The RiskIQ research team observed 931,665 unique blacklisted phishing URLs in the third quarter. Of these, 27,868 were unique domains, down from the 39,320 in Q2. Overall detections decreased slightly in Q3 with the Bay Area firm observing a total of 279 brands targeted by phishing campaigns, down from the 316 in Q2. They owe that to the cyclical nature of phishing campaigns. While the method and frequency of phishing campaigns vary, the threat remains consistent.
Financial services and digital transaction brands continue to be favorite targets. The breakdown of the Q3 top-10 brands is:
- 40% financial institutions
- 20% large tech companies
- 20% digital transaction providers
- 10% cloud storage providers
- 10% social media platforms
RiskIQ blogger Andrew Geiger maintained, phishing actors are always innovating and creating new methods to lure victims into gaining access to their financial information, personally identifiable information, and user accounts. any angle they can play to get their victims to enter their information, they'll use.
According to RiskIQ, despite the differences in detection amounts between Q2 to Q3, GoDaddy and PublicDomainRegistry continue to be the most affected of the top-five registrars.
There are two types of phishing sites: those using compromised websites and those using malicious registrations. One noteworthy trend from Q2 that continued in Q3 was the rise of privacy-protected registrations used in malicious registrations, which RiskIQ observed throughout its data. "We also noticed several syntax patterns in our registrant email data, such as threat actors registering phishing domains with throwaway emails that follow similar syntax patterns—first initial and last name for example." However, RiskIQ also noticed less obvious, high-entropy patterns more difficult to spot such as randomly generated alphanumeric strings using the same amount of characters.
"As in Q2, the hosting provider with the highest amount of affected URLs was an outlier in our data. This time around, hosting provider Ecotel supplanted Zenedge LLC, as the leader. As with the rest of the Q3 data, the hosting provider data is indicative of overall detections being down," the RiskIQ blog read.
© 2025 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
Roy Urrico
Roy W. Urrico specializes in articles about financial technology and services for Credit Union Times, as well as ghostwriting, copywriting, and case studies. Also: writer/editor of a semi-annual newsletter for Association for Financial Technology since 1997 and history projects funded by the U.S Interior Department, National Park Service and Warren County (N.Y.).
