{"id":3938,"date":"2025-09-23T11:50:27","date_gmt":"2025-09-23T11:50:27","guid":{"rendered":"https:\/\/certera.com\/blog\/?p=3938"},"modified":"2025-09-23T11:50:28","modified_gmt":"2025-09-23T11:50:28","slug":"phishing-gone-pro-how-17500-domains-are-hitting-316-brands-globally","status":"publish","type":"post","link":"https:\/\/certera.com\/blog\/phishing-gone-pro-how-17500-domains-are-hitting-316-brands-globally\/","title":{"rendered":"Phishing Gone Pro From $88 to Millions: How 17,500 Domains Are Hitting 316 Brands Globally"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\"><a href=\"https:\/\/certera.com\/blog\/phishing-attacks-explained-how-to-spot-and-prevent-online-scams\/\">Phishing attacks<\/a> aren\u2019t just some hacker in a hoodie working out of a basement. They\u2019re a full-blown, global business operation, and they\u2019re getting more sophisticated every month.<\/p>\n\n\n\n<p class=\"quote-section wp-block-paragraph\">According to a brand-new report from Netcraft, two major PhaaS (Phishing-as-a-Service) platforms, <strong>Lighthouse<\/strong> and <strong>Lucid<\/strong>, have been linked to over <strong>17,500 phishing domains,<\/strong> targeting <strong>316 brands across 74 countries.<\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">That\u2019s not a typo. We\u2019re talking about a phishing network that scales like a SaaS startup except its \u201ccustomers\u201d are cybercriminals.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">And if you think this is just a problem for \u201cbig tech\u201d or \u201cthe finance sector,\u201d think again. These campaigns are hitting toll operators, postal services, government agencies, crypto users, and regular businesses worldwide.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-what-exactly-is-phaas-and-why-should-you-care\">What Exactly Is PhaaS and Why Should You Care?<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">If you haven\u2019t heard the term before, <a href=\"https:\/\/certera.com\/blog\/rockstar-2fa-a-growing-threat-in-phishing-as-a-service\/\">Phishing-as-a-Service (PhaaS)<\/a> works exactly like it sounds.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Instead of some lone hacker hand-crafting phishing emails, cybercriminals can now <strong>subscribe to phishing kits just like Netflix.<\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>For as little as $88 a week (or $1,588 for an annual plan), they get access to:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Ready-made phishing templates impersonating hundreds of brands<\/li>\n\n\n\n<li>Tools for sending smishing messages (yes, SMS phishing) via iMessage and Android RCS<\/li>\n\n\n\n<li>Real-time dashboards to monitor victims\u2019 clicks and credentials<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">And just like SaaS companies, these operators provide updates, support, and new templates to keep attacks fresh and convincing. Anyone with a credit card and bad intentions can run a phishing campaign at scale, no technical skills required.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Also Read:<\/strong> <a href=\"https:\/\/certera.com\/blog\/one-year-140000-phishing-websites-the-impact-of-sniper-dz\/\">One Year, 140,000+ Phishing Websites: Impact of Sniper Dz<\/a><\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-meet-lighthouse-and-lucid\">Meet Lighthouse and Lucid<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">The two names you need to know are Lighthouse and Lucid.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Lucid<\/strong> was first exposed in April by the Swiss cybersecurity firm PRODAFT. It\u2019s believed to be operated by a Chinese-speaking threat actor known as the <strong>XinXin group.<\/strong><\/li>\n\n\n\n<li><strong>Lighthouse<\/strong>, on the other hand, is developed by a separate actor (known as Lao Wang) but shows significant overlap in infrastructure, templates, and targeting strategy.<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">Together, they represent one of the largest PhaaS networks we\u2019ve seen to date.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Lucid has targeted 164 brands across 63 countries<\/strong><\/li>\n\n\n\n<li><strong>Lighthouse has targeted 204 brands across 50 countries<\/strong><\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">And they\u2019re not just cloning login pages. They\u2019re using advanced filtering requiring a <strong>specific device, user agent, country, or even a secret path<\/strong> to make sure only the intended victim sees the phishing page.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">If you\u2019re not the target? You get redirected to a generic fake shopping page, making it harder for security researchers to catch them in the act. This level of operational security shows just how mature these cybercrime ecosystems have become.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-phishers-are-moving-back-to-email\">Phishers Are Moving Back to Email<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">One of the most surprising findings from Netcraft\u2019s report is that criminals are actually moving away from Telegram and Discord for transmitting stolen data.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Instead, they\u2019re going back to\u2026 good old-fashioned email.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Why?<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Email is federated, meaning there\u2019s no central authority to take down a campaign quickly.<\/li>\n\n\n\n<li>Creating a throwaway email address is fast, anonymous, and free.<\/li>\n\n\n\n<li>Tools like <strong>EmailJS<\/strong> allow attackers to capture login data and 2FA codes without hosting their own infrastructure.<\/li>\n<\/ul>\n\n\n\n<p class=\"quote-section wp-block-paragraph\">Netcraft reports a <strong>25% increase in email-based phishing<\/strong> in just one month. If you thought phishing emails were a thing of the past, think again.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-homoglyph-attacks\">Homoglyph Attacks<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Another fascinating and dangerous trend we\u2019re seeing is homoglyph attacks.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Attackers are registering domains that look almost identical to legitimate ones by swapping in characters from other alphabets.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>For example, using the Japanese hiragana character \u201c\u3093\u201d, which at a glance looks like a forward slash.<\/strong><\/p>\n\n\n\n<p class=\"quote-section wp-block-paragraph\">Over <strong>600 malicious domains<\/strong> using this technique have been found, many targeting cryptocurrency users by luring them into installing fake wallet browser extensions (for MetaMask, Coinbase, Phantom, Trust Wallet, and others).<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">If you think your team can \u201cspot a phishing link\u201d by just looking at it, this should make you nervous.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-how-legitimate-logos-are-fueling-fraud\">How Legitimate Logos Are Fueling Fraud?<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Cybercriminals aren\u2019t just after your login credentials anymore. They\u2019re using your brand identity as bait to run full-blown scams.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Recent campaigns have impersonated <strong>Delta Airlines, AMC Theatres, Universal Studios, and Epic Records<\/strong>, tricking victims into completing fake \u201ctasks\u201d as part of bogus job offers.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Victims are told they need to <strong>deposit $100 in crypto to get started. <\/strong>This is classic <strong>advance-fee fraud,<\/strong> but now it\u2019s scaled up with API-driven brand-impersonation templates allowing criminals to spin up hundreds of lookalike sites in minutes.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Also Read:<\/strong> <a href=\"https:\/\/certera.com\/blog\/what-is-email-spoofing-detailed-guide\/\">What is Email Spoofing? Definition, Example &amp; Prevention<\/a><\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-what-this-means-for-your-business\">What This Means for Your Business<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">If you\u2019re a business owner, CISO, or IT manager, here\u2019s the tough love. You can\u2019t afford to ignore this anymore.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>This isn\u2019t just about losing a few credentials; it\u2019s about:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Revenue Risk<\/strong> \u2013 <a href=\"https:\/\/certera.com\/blog\/what-is-business-email-compromise-bec-examples-scams-and-tactics\/\">Business email compromise (BEC)<\/a> costs companies billions every year. A successful phishing attack can shut down operations, drain funds, or cause compliance violations.<\/li>\n\n\n\n<li><strong>Reputation Damage<\/strong> \u2013 Your customers lose trust if they fall for a phishing site using your brand.<\/li>\n\n\n\n<li><strong>Legal liability<\/strong> \u2013 With regulations like GDPR and the upcoming EU AI Act, failing to secure customer data can lead to heavy fines.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-how-to-stay-ahead-a-practical-action-plan\">How to Stay Ahead: A Practical Action Plan<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Here\u2019s what you should be doing right now to protect your business from PhaaS-driven attacks:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Invest in AI-Powered Security Tools &#8211; <\/strong>Traditional signature-based antivirus isn\u2019t enough. Use tools that leverage AI to detect anomalies, phishing domains, and malicious behaviour in real-time.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/certera.com\/blog\/nist-publishes-new-zero-trust-implementation-guidance-to-build-zta-sp-1800-35\/\">Implement Zero-Trust Architecture<\/a> &#8211;<\/strong> Assume every login attempt is malicious until proven otherwise. Enforce <a href=\"https:\/\/certera.com\/blog\/what-is-multi-factor-authentication-difference-between-2fa-mfa\/\">MFA<\/a>, device verification, and least-privilege access.<\/li>\n\n\n\n<li><strong>Run Red-Team\/Blue-Team Exercises &#8211;<\/strong> Simulate phishing campaigns inside your organisation. See who clicks, train them, repeat.<\/li>\n\n\n\n<li><strong>Monitor for Lookalike Domains &#8211;<\/strong> Use domain monitoring services to detect typosquats and homoglyph domains targeting your brand.<\/li>\n\n\n\n<li><strong>Stay Current on Threat Intelligence &#8211;<\/strong> Subscribe to reports from Netcraft, PRODAFT, and other threat intel providers. The landscape changes monthly. You need to stay informed.<\/li>\n\n\n\n<li><strong>Educate Your Employees &#8211;<\/strong> Phishing awareness training isn\u2019t a \u201conce a year\u201d thing. Make it part of your culture.<\/li>\n\n\n\n<li><strong>Using an automated monitoring system<\/strong> &#8211; Endpoint Detection &amp; Response (EDR) and <a href=\"https:\/\/certera.com\/sitelock\">SiteLock Security<\/a> are designed to catch these attacks early. They watch for suspicious behaviour in real time.<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Also Read:<\/strong> <a href=\"https:\/\/certera.com\/blog\/gmail-phishing-with-prompt-injection-tricks-humans-and-ai\/\">Gmail Phishing with Prompt Injection: Tricks Humans and AI. Are You Ready?<\/a><\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-conclusion\">Conclusion<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">The rise of <strong>Lighthouse and Lucid<\/strong> shows us where phishing is headed: <strong>automation, scalability, and sophistication.<\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">This isn\u2019t going away. In fact, it\u2019s growing faster than many organisations can keep up.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">But the companies that win will be the ones that treat cybersecurity like growth marketing: <strong>constant iteration, investment, and education.<\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Don\u2019t wait until you become the next case study. Act now, educate your team, and harden your defences with <a href=\"https:\/\/certera.com\/solutions\/pki-solutions\">Cyber Security Services and Solutions<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Phishing attacks aren\u2019t just some hacker in a hoodie working out of a basement. They\u2019re a full-blown, global business operation, and they\u2019re getting more sophisticated every month. According to a brand-new report from Netcraft, two major PhaaS (Phishing-as-a-Service) platforms, Lighthouse and Lucid, have been linked to over 17,500 phishing domains, targeting 316 brands across 74<span class=\"morelink d-block mt-3\"><a href=\"https:\/\/certera.com\/blog\/phishing-gone-pro-how-17500-domains-are-hitting-316-brands-globally\/\">Read More<\/a><\/span><\/p>\n","protected":false},"author":1,"featured_media":3942,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[31],"tags":[767,594],"class_list":["post-3938","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cyber-attack","tag-phishing-attacks","tag-phishing-as-a-service-phaas","entry"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.9 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Phishing Gone Pro: 17,500 Domains Are Hitting 316 Brands Globally<\/title>\n<meta name=\"description\" content=\"According to Netcraft, two major PhaaS platforms, Lighthouse and Lucid, have been linked to over 17,500 phishing domains, targeting 316 brands globally.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/certera.com\/blog\/phishing-gone-pro-how-17500-domains-are-hitting-316-brands-globally\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Phishing Gone Pro: 17,500 Domains Are Hitting 316 Brands Globally\" \/>\n<meta property=\"og:description\" content=\"According to Netcraft, two major PhaaS platforms, Lighthouse and Lucid, have been linked to over 17,500 phishing domains, targeting 316 brands globally.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/certera.com\/blog\/phishing-gone-pro-how-17500-domains-are-hitting-316-brands-globally\/\" \/>\n<meta property=\"og:site_name\" content=\"EncryptedFence by Certera - Web &amp; Cyber Security Blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/certeraLLC\/\" \/>\n<meta property=\"article:published_time\" content=\"2025-09-23T11:50:27+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-09-23T11:50:28+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/certera.com\/blog\/wp-content\/uploads\/2025\/09\/phaas-campaign.webp\" \/>\n\t<meta property=\"og:image:width\" content=\"960\" \/>\n\t<meta property=\"og:image:height\" content=\"621\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Janki Mehta\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@certera_llc\" \/>\n<meta name=\"twitter:site\" content=\"@certera_llc\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Janki Mehta\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/phishing-gone-pro-how-17500-domains-are-hitting-316-brands-globally\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/phishing-gone-pro-how-17500-domains-are-hitting-316-brands-globally\\\/\"},\"author\":{\"name\":\"Janki Mehta\",\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/#\\\/schema\\\/person\\\/e5a476aa90d9e02260ebfe4b0bf046b7\"},\"headline\":\"Phishing Gone Pro From $88 to Millions: How 17,500 Domains Are Hitting 316 Brands Globally\",\"datePublished\":\"2025-09-23T11:50:27+00:00\",\"dateModified\":\"2025-09-23T11:50:28+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/phishing-gone-pro-how-17500-domains-are-hitting-316-brands-globally\\\/\"},\"wordCount\":1111,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/phishing-gone-pro-how-17500-domains-are-hitting-316-brands-globally\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/certera.com\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/09\\\/phaas-campaign.webp\",\"keywords\":[\"Phishing Attacks\",\"Phishing-as-a-Service (PhaaS)\"],\"articleSection\":[\"Cyber Attack\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/certera.com\\\/blog\\\/phishing-gone-pro-how-17500-domains-are-hitting-316-brands-globally\\\/#respond\"]}],\"copyrightYear\":\"2025\",\"copyrightHolder\":{\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/#organization\"}},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/phishing-gone-pro-how-17500-domains-are-hitting-316-brands-globally\\\/\",\"url\":\"https:\\\/\\\/certera.com\\\/blog\\\/phishing-gone-pro-how-17500-domains-are-hitting-316-brands-globally\\\/\",\"name\":\"Phishing Gone Pro: 17,500 Domains Are Hitting 316 Brands Globally\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/phishing-gone-pro-how-17500-domains-are-hitting-316-brands-globally\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/phishing-gone-pro-how-17500-domains-are-hitting-316-brands-globally\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/certera.com\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/09\\\/phaas-campaign.webp\",\"datePublished\":\"2025-09-23T11:50:27+00:00\",\"dateModified\":\"2025-09-23T11:50:28+00:00\",\"description\":\"According to Netcraft, two major PhaaS platforms, Lighthouse and Lucid, have been linked to over 17,500 phishing domains, targeting 316 brands globally.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/phishing-gone-pro-how-17500-domains-are-hitting-316-brands-globally\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/certera.com\\\/blog\\\/phishing-gone-pro-how-17500-domains-are-hitting-316-brands-globally\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/phishing-gone-pro-how-17500-domains-are-hitting-316-brands-globally\\\/#primaryimage\",\"url\":\"https:\\\/\\\/certera.com\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/09\\\/phaas-campaign.webp\",\"contentUrl\":\"https:\\\/\\\/certera.com\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/09\\\/phaas-campaign.webp\",\"width\":960,\"height\":621,\"caption\":\"Phishing-as-a-Service Attack\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/phishing-gone-pro-how-17500-domains-are-hitting-316-brands-globally\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/certera.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Phishing Gone Pro From $88 to Millions: How 17,500 Domains Are Hitting 316 Brands Globally\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/certera.com\\\/blog\\\/\",\"name\":\"EncryptedFence by Certera - Web & Cyber Security Blog\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/#organization\"},\"alternateName\":\"Certera's EncryptedFence Blog\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/certera.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/#organization\",\"name\":\"Certera\",\"url\":\"https:\\\/\\\/certera.com\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/certera.com\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/08\\\/logo-encryptedfence.svg\",\"contentUrl\":\"https:\\\/\\\/certera.com\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/08\\\/logo-encryptedfence.svg\",\"caption\":\"Certera\"},\"image\":{\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/certeraLLC\\\/\",\"https:\\\/\\\/x.com\\\/certera_llc\",\"https:\\\/\\\/www.linkedin.com\\\/company\\\/certera-llc\\\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/#\\\/schema\\\/person\\\/e5a476aa90d9e02260ebfe4b0bf046b7\",\"name\":\"Janki Mehta\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/1fba817ef81065f1393461fc3a0d85c40f2cc826919819ea4df4b12d76566e62?s=96&d=https%3A%2F%2Fcertera.com%2Fblog%2Fwp-content%2Fuploads%2F2023%2F02%2Fhttps-vs-sftp-jpg.webp&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/1fba817ef81065f1393461fc3a0d85c40f2cc826919819ea4df4b12d76566e62?s=96&d=https%3A%2F%2Fcertera.com%2Fblog%2Fwp-content%2Fuploads%2F2023%2F02%2Fhttps-vs-sftp-jpg.webp&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/1fba817ef81065f1393461fc3a0d85c40f2cc826919819ea4df4b12d76566e62?s=96&d=https%3A%2F%2Fcertera.com%2Fblog%2Fwp-content%2Fuploads%2F2023%2F02%2Fhttps-vs-sftp-jpg.webp&r=g\",\"caption\":\"Janki Mehta\"},\"description\":\"Janki Mehta is a passionate Cyber-Security Enthusiast who keenly monitors the latest developments in the Web\\\/Cyber Security industry. She puts her knowledge into practice and helps web users by arming them with the necessary security measures to stay safe in the digital world.\",\"sameAs\":[\"https:\\\/\\\/certerassl.com\\\/\"],\"url\":\"https:\\\/\\\/certera.com\\\/blog\\\/author\\\/certerabguser\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Phishing Gone Pro: 17,500 Domains Are Hitting 316 Brands Globally","description":"According to Netcraft, two major PhaaS platforms, Lighthouse and Lucid, have been linked to over 17,500 phishing domains, targeting 316 brands globally.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/certera.com\/blog\/phishing-gone-pro-how-17500-domains-are-hitting-316-brands-globally\/","og_locale":"en_US","og_type":"article","og_title":"Phishing Gone Pro: 17,500 Domains Are Hitting 316 Brands Globally","og_description":"According to Netcraft, two major PhaaS platforms, Lighthouse and Lucid, have been linked to over 17,500 phishing domains, targeting 316 brands globally.","og_url":"https:\/\/certera.com\/blog\/phishing-gone-pro-how-17500-domains-are-hitting-316-brands-globally\/","og_site_name":"EncryptedFence by Certera - Web &amp; Cyber Security Blog","article_publisher":"https:\/\/www.facebook.com\/certeraLLC\/","article_published_time":"2025-09-23T11:50:27+00:00","article_modified_time":"2025-09-23T11:50:28+00:00","og_image":[{"width":960,"height":621,"url":"https:\/\/certera.com\/blog\/wp-content\/uploads\/2025\/09\/phaas-campaign.webp","type":"image\/jpeg"}],"author":"Janki Mehta","twitter_card":"summary_large_image","twitter_creator":"@certera_llc","twitter_site":"@certera_llc","twitter_misc":{"Written by":"Janki Mehta","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/certera.com\/blog\/phishing-gone-pro-how-17500-domains-are-hitting-316-brands-globally\/#article","isPartOf":{"@id":"https:\/\/certera.com\/blog\/phishing-gone-pro-how-17500-domains-are-hitting-316-brands-globally\/"},"author":{"name":"Janki Mehta","@id":"https:\/\/certera.com\/blog\/#\/schema\/person\/e5a476aa90d9e02260ebfe4b0bf046b7"},"headline":"Phishing Gone Pro From $88 to Millions: How 17,500 Domains Are Hitting 316 Brands Globally","datePublished":"2025-09-23T11:50:27+00:00","dateModified":"2025-09-23T11:50:28+00:00","mainEntityOfPage":{"@id":"https:\/\/certera.com\/blog\/phishing-gone-pro-how-17500-domains-are-hitting-316-brands-globally\/"},"wordCount":1111,"commentCount":0,"publisher":{"@id":"https:\/\/certera.com\/blog\/#organization"},"image":{"@id":"https:\/\/certera.com\/blog\/phishing-gone-pro-how-17500-domains-are-hitting-316-brands-globally\/#primaryimage"},"thumbnailUrl":"https:\/\/certera.com\/blog\/wp-content\/uploads\/2025\/09\/phaas-campaign.webp","keywords":["Phishing Attacks","Phishing-as-a-Service (PhaaS)"],"articleSection":["Cyber Attack"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/certera.com\/blog\/phishing-gone-pro-how-17500-domains-are-hitting-316-brands-globally\/#respond"]}],"copyrightYear":"2025","copyrightHolder":{"@id":"https:\/\/certera.com\/blog\/#organization"}},{"@type":"WebPage","@id":"https:\/\/certera.com\/blog\/phishing-gone-pro-how-17500-domains-are-hitting-316-brands-globally\/","url":"https:\/\/certera.com\/blog\/phishing-gone-pro-how-17500-domains-are-hitting-316-brands-globally\/","name":"Phishing Gone Pro: 17,500 Domains Are Hitting 316 Brands Globally","isPartOf":{"@id":"https:\/\/certera.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/certera.com\/blog\/phishing-gone-pro-how-17500-domains-are-hitting-316-brands-globally\/#primaryimage"},"image":{"@id":"https:\/\/certera.com\/blog\/phishing-gone-pro-how-17500-domains-are-hitting-316-brands-globally\/#primaryimage"},"thumbnailUrl":"https:\/\/certera.com\/blog\/wp-content\/uploads\/2025\/09\/phaas-campaign.webp","datePublished":"2025-09-23T11:50:27+00:00","dateModified":"2025-09-23T11:50:28+00:00","description":"According to Netcraft, two major PhaaS platforms, Lighthouse and Lucid, have been linked to over 17,500 phishing domains, targeting 316 brands globally.","breadcrumb":{"@id":"https:\/\/certera.com\/blog\/phishing-gone-pro-how-17500-domains-are-hitting-316-brands-globally\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/certera.com\/blog\/phishing-gone-pro-how-17500-domains-are-hitting-316-brands-globally\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/certera.com\/blog\/phishing-gone-pro-how-17500-domains-are-hitting-316-brands-globally\/#primaryimage","url":"https:\/\/certera.com\/blog\/wp-content\/uploads\/2025\/09\/phaas-campaign.webp","contentUrl":"https:\/\/certera.com\/blog\/wp-content\/uploads\/2025\/09\/phaas-campaign.webp","width":960,"height":621,"caption":"Phishing-as-a-Service Attack"},{"@type":"BreadcrumbList","@id":"https:\/\/certera.com\/blog\/phishing-gone-pro-how-17500-domains-are-hitting-316-brands-globally\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/certera.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Phishing Gone Pro From $88 to Millions: How 17,500 Domains Are Hitting 316 Brands Globally"}]},{"@type":"WebSite","@id":"https:\/\/certera.com\/blog\/#website","url":"https:\/\/certera.com\/blog\/","name":"EncryptedFence by Certera - Web & Cyber Security Blog","description":"","publisher":{"@id":"https:\/\/certera.com\/blog\/#organization"},"alternateName":"Certera's EncryptedFence Blog","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/certera.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/certera.com\/blog\/#organization","name":"Certera","url":"https:\/\/certera.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/certera.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/certera.com\/blog\/wp-content\/uploads\/2023\/08\/logo-encryptedfence.svg","contentUrl":"https:\/\/certera.com\/blog\/wp-content\/uploads\/2023\/08\/logo-encryptedfence.svg","caption":"Certera"},"image":{"@id":"https:\/\/certera.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/certeraLLC\/","https:\/\/x.com\/certera_llc","https:\/\/www.linkedin.com\/company\/certera-llc\/"]},{"@type":"Person","@id":"https:\/\/certera.com\/blog\/#\/schema\/person\/e5a476aa90d9e02260ebfe4b0bf046b7","name":"Janki Mehta","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/1fba817ef81065f1393461fc3a0d85c40f2cc826919819ea4df4b12d76566e62?s=96&d=https%3A%2F%2Fcertera.com%2Fblog%2Fwp-content%2Fuploads%2F2023%2F02%2Fhttps-vs-sftp-jpg.webp&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/1fba817ef81065f1393461fc3a0d85c40f2cc826919819ea4df4b12d76566e62?s=96&d=https%3A%2F%2Fcertera.com%2Fblog%2Fwp-content%2Fuploads%2F2023%2F02%2Fhttps-vs-sftp-jpg.webp&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/1fba817ef81065f1393461fc3a0d85c40f2cc826919819ea4df4b12d76566e62?s=96&d=https%3A%2F%2Fcertera.com%2Fblog%2Fwp-content%2Fuploads%2F2023%2F02%2Fhttps-vs-sftp-jpg.webp&r=g","caption":"Janki Mehta"},"description":"Janki Mehta is a passionate Cyber-Security Enthusiast who keenly monitors the latest developments in the Web\/Cyber Security industry. She puts her knowledge into practice and helps web users by arming them with the necessary security measures to stay safe in the digital world.","sameAs":["https:\/\/certerassl.com\/"],"url":"https:\/\/certera.com\/blog\/author\/certerabguser\/"}]}},"_links":{"self":[{"href":"https:\/\/certera.com\/blog\/wp-json\/wp\/v2\/posts\/3938","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/certera.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/certera.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/certera.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/certera.com\/blog\/wp-json\/wp\/v2\/comments?post=3938"}],"version-history":[{"count":2,"href":"https:\/\/certera.com\/blog\/wp-json\/wp\/v2\/posts\/3938\/revisions"}],"predecessor-version":[{"id":3941,"href":"https:\/\/certera.com\/blog\/wp-json\/wp\/v2\/posts\/3938\/revisions\/3941"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/certera.com\/blog\/wp-json\/wp\/v2\/media\/3942"}],"wp:attachment":[{"href":"https:\/\/certera.com\/blog\/wp-json\/wp\/v2\/media?parent=3938"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/certera.com\/blog\/wp-json\/wp\/v2\/categories?post=3938"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/certera.com\/blog\/wp-json\/wp\/v2\/tags?post=3938"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}