Although Microsoft remains the top target for phishers, Netflix saw an incredible surge in Dec., making it the second most impersonated brand in Q4 2018, according to Vade Secure.
Microsoft remains the #1 impersonated brand, receiving more than 2.3 times the number of phishing URLs than Netflix. One credential can provide hackers with a single entry point to all of the apps under the Office 365 platform—as well as the files, data, contacts, etc. stored in them – meaning that they can use these legitimate accounts to conduct insider attacks on colleagues or spear phishing attempts targeting business partners. These sort of multi-phased attacks have been steadily increasing over the past year, and show no signs of slowing down.
Netflix phishing spiked in December (+25.7 percent), and Christmas day was the single biggest day for Netflix phishing in all of 2018. Cybercriminals sending emails that “Netflix is having trouble with your current billing information” is a classic phishing technique, but that doesn’t mean people don’t fall for it. So many in fact that the FTC issued a warning in December. With many people binge-watching Netflix shows with their families over the holidays, the fear of having their account suspended provides a sense of urgency, causing them to take action and provide their billing information right away.
Hackers are sending the most phishing emails on Tuesdays and Wednesdays, a shift from Q3, where the most popular days were Tuesdays and Thursdays. One of the most interesting observations is that phishers primarily mimic the work week schedule. Specifically, Microsoft phishing spikes on Tuesday and Wednesday; remains strong Monday, Thursday, and Friday; and then drops significantly over the weekend. The only brand that sees strong phishing over the weekend is Bank of America, with cybercriminals taking advantage of the fact that banks and customer service lines are closed on Sundays and sending emails that incite fear.
With phishers getting more sophisticated, we’ve seen a surge in the number of orchestrated multi-phased attacks being carried out,” said Adrien Gendre, Chief Solution Architect, Vade Secure. “Their aim isn’t simply to harvest credentials but rather to leverage compromised Office 365 accounts to conduct targeted attacks laterally within the organization. That’s why cybersecurity defenses focused only on the perimeter are outdated. Organizations must rethink email protection to handle those threats coming from inside their organization.”