Microsoft tops list of brands impersonated by phishers

The number one brand spoofed by phishers in Q2 2018 in North America was Microsoft, says email security company Vade Secure. The company credits the surging adoption of Microsoft Office 365 for this unfortunate statistic.

“It’s clear that Office 365 has become the number one target for corporate phishing attacks,” the company explained. “The reason is that it’s highly profitable to compromise an Office 365 account. Hackers see email-based attacks as an easy entry point into a treasure trove of data, files, and contacts from other Office 365 apps—including SharePoint, OneDrive, Skype, Excel, CRM, etc.”

Q2 2018 phishers’ favorites

Vade Secure has unveiled the Phishers’ Favorites, a list of the 25 most commonly spoofed brands in North America, which it will publish every quarter.

For Q2 2018, the list is as follows (the percentage of phishing URL growth or decrease, as compared to the previous quarter, is noted in the brackets):

1. Microsoft (56.6%)
2. PayPal (15.7%)
3. Facebook (-54.3%)
4. Netflix (49.57%)
5. Wells Fargo (27.2%)
6. Bank of America (135%)
7. DocuSign (-39.7%)
8. Dropbox (-19.6%)
9. DHL (-14.7%)
10. Apple (1%)
11. Orange (-59%)
12. Adobe (9.5%)
13. Google (-37.9%)
14. Credit Agricole (31.6%)
15. Banque Populaire (-8.7%)
16. LinkedIn (-28.7%)
17. Alibaba (-16.4%)
18. Chase (-26.1%)
19. Yahoo! (-37.6%)
20. AT&T (-14.7%)
21. RBC (767.3%)
22. BT (55.6%)
23. Amazon (-55.5%)
24. USAA (-19.7%)
25. WeTransfer (450%)

PayPal’s popularity with phishers does not need explaining, and Facebook’s slide from number 1 to number 3 is likely due to a combination of Facebook’s efforts to increase account security and greater scrutiny of the platform in the wake of the Cambridge Analytica scandal, the company posits.

Phishers love to impersonate Netflix because they usually get both login credentials and credit card information (they often pretend that the user’s account has been suspended due to a billing issue).

“What’s interesting is that three major cloud companies—Google, Dropbox, and DocuSign—all saw double-digit declines in phishing URLs in Q2,” the company added.

“It’s hard to pinpoint a single reason for this drop. In the case of Google, it may be the result of recent efforts to beef up security for Gmail accounts, or the fact that in the corporate market, its market share simply isn’t growing as fast as Office 365.”

Finally, they pointed out a new trend that can’t be gleaned from the list: a growing number of phishing attacks tied to cryptocurrency.

“Cryptocurrency services and marketplaces, such as Luno, Bittrex or Blockchain, are increasingly the subject of phishing attacks, as the popularity—and value—of cryptocurrency grows. Moreover, the fact that there’s minimal legal background or precedent in this area makes them more attractive targets,” they said.
