Microsoft Tops Phishers' Favorite Brands as Facebook Spikes

Published: 23/11/2024   Category: security




Microsoft remains the favorite brand to spoof in phishing campaigns, but more attackers are impersonating Facebook.



Cybercriminals often exploit victims' familiarity with popular brands to manipulate them into falling for phishing campaigns. Microsoft is the most common brand to spoof, researchers report, with PayPal in second place and Facebook rapidly catching up in a close third.
The Phishers' Favorites report, released today by Vade Secure, ranks the 25 most impersonated brands in phishing attacks based on unique phishing URLs detected within each quarter. Microsoft has held the top spot every time, a trend it continued in the second quarter of 2019, when 20,217 unique Microsoft phishing URLs were detected — more than 222 per day. This marks a 6.8% decline from the first quarter but a 15.5% increase from Vade Secure's first report. (The report is now in its fifth edition.)
Microsoft remains phishers' favorite due to its size and the high value of Office 365 credentials, explains Adrien Gendre, chief solutions architect at Vade Secure. Its latest quarterly earnings reported more than 180 million active monthly enterprise users on Office 365; IDC estimates the platform makes up 47.6% of enterprise cloud email implementations. Office credentials offer a single point of entry to files, data, and contacts in SharePoint, OneDrive, and Skype.
"While hacked Office 365 credentials can certainly be used to access sensitive company information and files, the real driver is east-west movement via insider attacks," says Gendre of attackers' motivation. Detecting display name spoofing or close cousin domains is relatively easy; detecting attacks coming from legitimate email accounts is much harder.
"It's easy to manipulate employees with fake Microsoft emails because the Office 365 platform is the lifeblood of businesses," he continues. Most can't do their jobs without access to email, chat, and other productivity and file management tools, which is why they're compelled to take action when an email appears notifying them their Office 365 account has been suspended. Other phishing attacks may contain links to OneDrive or SharePoint documents, Vade analysts found.
Microsoft beat PayPal by more than 4,300 phishing URLs in the second quarter, but emails impersonating the payment service were up nearly 112% year-over-year. A global user base makes it a popular target, and stealing PayPal credentials leads to quick payback for attackers. Most PayPal phishing emails claim a recipient's account has been blocked or suspended, prompting them to go to a fraudulent page to confirm or restore their account.
Phishers Get Social
Facebook isn't far behind: After a consistent decline in the second half of 2018, URLs spoofing the social media giant spiked 155% in the first quarter of 2019 and 175.8% in the second quarter. "The fact that Facebook phishing has increased significantly for two straight quarters is indication to me that these attacks are working," Gendre says. Headlines about Facebook's privacy issues, and communications from the company about updates to its terms of use and privacy policies, also give attackers opportunity to strike.
The increase may also be attributed to Facebook Login, or the social sign-on using Facebook accounts. With Facebook credentials, attackers can see which other apps a user has authorized with Facebook Login and compromise those accounts. With access to Facebook Messenger, they may also target a victim's contacts with additional phishing scams, Gendre points out.
Still, he doesn't think the growth will last. "The reason is that the potential payback isn't as direct as it is for Microsoft and PayPal," he says. There also isn't a strong corporate angle, which is where most hackers are increasingly setting their sights.
Social media also saw the most quarter-over-quarter growth of all industries; phishing in this sector accelerated from 74.7% in the first quarter of 2019 to 130.7% in the second, entirely driven by Facebook phishing URLs. Still, social media phishing campaigns only made up 16% compared with other industries, putting the industry in third. Cloud is still in the top spot (37%), followed by financial services (33%).
Amazon Rises Up the Ranks
One of the findings that surprised Gendre most was the growth in Amazon phishing, which increased 182.6% throughout the first quarter and 411.5% year-over-year. But the spike wasn't what stood out to him — it's the fact Amazon wasn't a popular target sooner.
"Amazon is one of those brands that straddles the consumer and corporate worlds and could thus be an effective lure for both audiences," he explains. No one wants to have an order canceled because of a declined payment, or they want to know immediately about a delay with their shipment.
There was a spike in Amazon phishing URLs on May 5, around the time reports surfaced of a new Amazon phishing kit. Another spike occurred on June 19 after Prime Day was announced. Analysts noticed a wide variety of Amazon phishing emails, which manipulate victims with messages about Amazon rewards, loyalty vouchers, exclusive product, or special surprise.