Baiting the Hook
By Jenna Finn
Vade Secure, a global leader in predictive e-mail defense, recently published the results of its Phishers’ Favorites report for the second quarter of 2019. According to the report, which ranks the 25 most impersonated brands in phishing attacks, Microsoft was by far the top target for the fifth straight quarter. There was also a significant uptick in Facebook phishing, as the social-media giant moved up to the third spot on the list as a result of a staggering 176% year-over-year growth in phishing URLs.
The report was developed by analyzing the number of unique phishing URLs detected by Vade Secure. Leveraging data from more than 600 million protected mailboxes worldwide, Vade’s machine-learning algorithms identify the brand being impersonated as part of its real-time analysis of the URL and page content.
Microsoft has ranked number one on the Phishers’ Favorites list every quarter since the official rankings were first released early in 2018. In the most recent quarter, Vade’s AI engine detected 20,217 unique Microsoft phishing URLs, for an average of more than 222 per day. This represents a 15.5% year-over-year increase compared to the second quarter of 2018.
Microsoft phishing has become a potential goldmine thanks to the growth of Office 365, which boasts more than 180 million active monthly business users. Office 365 is increasingly the heart of companies, providing the essential services (e-mail, chat, document management, project management, etc.) that businesses depend on to run. Each set of Office 365 credentials provides a single entry point not just to the entire platform but to the entire business, allowing cybercriminals to launch insider attacks targeting anyone in the organization in just one step.
Meanwhile, Facebook phishing has been on a tear throughout 2019 and advanced one spot up to number three in the most recent quarter thanks to a 175.8% increase in phishing URLs. One explanation for this rise in popularity could be the prevalence of social sign-on using Facebook accounts, a feature called Facebook Login. This is particularly attractive to cybercriminals because they’ll be able to see what other apps the user has authorized via social sign-on, and potentially compromise those accounts as well.
The rest of the most-impersonated brands on the Phishers’ Favorites report include PayPal (number 2), Netflix (4), Bank of America (5), Apple (6), CIBC (7), Amazon (8), DHL (9), and DocuSign (10). Amazon phishing URLs saw a massive spike in the second quarter of 2019, growing 182.6% over the first quarter and 411.5% year over year. This coincides with reports of a new Amazon phishing kit in May, as well as the lead-up to Prime Day 2019.
In terms of the most impersonated industries, cloud companies took the top spot for the fifth straight quarter with 37.6%, followed by financial services (33.1%), social media (15.6%), e-commerce/logistics (7.7%), and internet/telecommunications (5.2%).
A large majority of phishing (80%) took place on weekdays, with Tuesdays and Wednesdays being the most popular days for cybercriminals to take their shot.
“Cybercriminals are more sophisticated than ever, and the ways they target corporate and consumer e-mail users continued to evolve in Q2,” said Adrien Gendre, chief solution architect at Vade Secure. “Microsoft Office 365 phishing is the gateway to massive amounts of corporate data, while gaining access to a consumer’s Facebook log-in information could compromise much of their personal, sensitive information. The fact that we saw such a significant volume in impersonations of these two brands, along with the coinciding new methods of attack, means that virtually all e-mail users and organizations need to be on heightened alert.”
Jenna Finn is an account manager with Vade Secure.