On Phishing Attacks and the Companies That are Targeted the Most
We at HackerCombat have regularly written about different kinds of phishing attacks and about how phishing scams are on the rise. Our last phishing-related story was about a scam that uses multiple replica sign-in pages to trick users into giving away their credentials. Today, we are focusing on an entirely different aspect of phishing scams.
We look at the brands that hackers specializing in phishing scams prefer to impersonate. Yes, indeed. Phishers do have their favorites!
According to a recent report, Microsoft holds the Number One position among phishing favorites, while PayPal and Netflix are in second and third place respectively.
Email security firm Vade Secure has recently published the second and latest edition of its quarterly ‘Phishers’ Favorites Top 25’ list. This list, as stated in a blog post published by the company, “…highlights the 25 most commonly spoofed brands in North America, including their current position and how many spots they moved up/down since Q2.”
The list has been compiled by tallying phishing URLs on a day-to-day basis and by tracking/analyzing 86 brands, which account for 95% of all phishing URLs detected by Vade Secure.
The report infers that with cyberattacks becoming increasingly targeted, phishing URL volume is up. The Vade Secure blog post states, “It’s clear that phishing attacks are on the rise, as hackers shift from exploiting software vulnerabilities to exploiting human vulnerabilities. Overall, the total number of new phishing URLs across the 86 brands tracked rose 20.4% in Q3.”
The report also infers that phishing attacks are becoming more targeted. The number of phishing emails sent per URL has dropped more than 64%, which suggests that hackers now use each URL in fewer emails so as to avoid detection. There are also sophisticated phishing attacks in which each email contains a unique URL, making it easy to evade detection by traditional security software.
For the second consecutive quarter, Microsoft tops the ‘Phishers’ Favorites Top 25’ list, while PayPal held steady at #2 and Netflix moved up one position to #3.
As regards Microsoft’s position, the Vade Secure blog post states, “Percentage wise, the 23.7% quarter-over-quarter growth in Microsoft phishing URLs might seem modest. However, in absolute numbers, Microsoft saw the largest overall growth, with the average number of phishing URLs surging from 124.2 per day in Q1, to 192.4 in Q2, to 235.4 per day in Q3.”
Those who target Microsoft primarily seek to compromise Office 365 credentials, which in turn give them access to files and data stored in apps like SharePoint, OneDrive, Skype, Excel, CRM, etc. They can also use the compromised Office 365 accounts to launch further attacks.
Two kinds of Microsoft phishing pages were seen most often: the first replicates the Office 365 sign-in page, and the second pretends that the recipient has received a link to a file on OneDrive or SharePoint.
The Vade Secure blog post makes these observations regarding the runners-up – “PayPal held steady at #2 with a 29.9% increase in phishing URLs. PayPal is a perennial phishers’ favorite, given its large user base (244 million active accounts, as of Q2 2018) and the immediate financial payback from hacking these accounts…Netflix moved up one position to #3, driven by a substantial 61.9% increase in phishing URLs. The streaming video service is a popular target because hackers frequently attempt to access credit card numbers by pretending that accounts have been suspended due to billing issues. Login credentials to Netflix (and other services) are also sold on the dark web for low prices.”
Bank of America, with a 57.4% increase in phishing URLs, and Wells Fargo, with a 21.5% increase, have ranked 3rd and 4th respectively. Facebook, Chase, Orange, DHL and Dropbox also feature in the top 10. Of these, Facebook is showing a negative trend. The blog post notes, “Interestingly, Facebook was the only brand in the top 10 with negative quarter-over-quarter growth in phishing URLs (-35.6%). This comes on the heels of an even bigger -54.3% drop in Q2. The steady decline in 2018 suggests that hackers are losing interest in Facebook as a target, perhaps due to greater public scrutiny and focus on security in the wake of Cambridge Analytica, the recent breach impacting 50 million accounts, and other incidents.”
In addition to finding that targeted phishing is on the rise, the Vade Secure team also found that Tuesdays and Thursdays are the top days for phishing attacks.