Facebook phishing surges, Microsoft still most impersonated brand

Vade Secure published the results of its Phishers’ Favorites report for Q2 2019. According to the report, which ranks the 25 most impersonated brands in phishing attacks, Microsoft was by far the top target for the fifth straight quarter.

Facebook phishing surges

There was also a significant uptick in Facebook phishing, as the social media giant moved up to the third spot on the list as a result of a staggering 176 percent YoY growth in phishing URLs.

The report was developed by analyzing the number of unique phishing URLs detected by Vade Secure. Leveraging data from more than 600 million protected mailboxes worldwide, Vade’s machine learning algorithms identify the brand being impersonated as part of its real-time analysis of the URL and page content.

Microsoft phishing continues to dominate

Microsoft has ranked number one on the Phishers’ Favorites list every quarter since the official rankings were first released over a year ago. In Q2 2019, Vade’s AI engine detected 20,217 unique Microsoft phishing URLs, for an average of more than 222 per day. This represents a 15.5 percent YoY increase, compared to Q2 2018.

Microsoft phishing has become a potential goldmine thanks to the growth of Office 365, which boasts more than 180 million active monthly business users. Office 365 is increasingly the heart of companies, providing the essential services (email, chat, document management, project management, etc.) that businesses depend on to run. Each set of Office 365 credentials provides a single entry point not just to the entire platform but the entire business, allowing cybercriminals to launch insider attacks targeting anyone in the organization in just one step.

Facebook surges

Facebook phishing has been on a tear throughout 2019 and advanced one spot up to number three in Q2 thanks to a 175.8 percent increase in phishing URLs. One explanation for this rise in popularity could be the prevalence of social sign-on using Facebook accounts, a feature called Facebook Login. This is particularly attractive to cybercriminals because they’ll be able to see what other apps the user has authorized via social sign-on, and potentially compromise those accounts as well.

Facebook phishing surges

Additional key findings

  • PayPal (#2), Netflix (#4), Bank of America (#5), Apple (#6), CIBC (#7), Amazon (#8), DHL (#9) and DocuSign (#10) rounded out the top 10 most impersonated brands.
  • Amazon phishing URLs saw a massive spike in Q2 – growing 182.6 percent over Q1, and 411.5 percent YoY. This coincides with reports of a new Amazon phishing kit in May, as well as the lead up to Prime Day 2019.
  • In terms of the most impersonated industries, cloud companies took the top spot for the fifth straight quarter with 37.6 percent, followed by financial services (33.1 percent), social media (15.6 percent), e-commerce/logistics (7.7 percent) and internet/telco (5.2 percent).
  • A large majority of phishing (80 percent) took place on weekdays, while Tuesdays and Wednesdays were the most popular days for cybercriminals to take their shot.

“Cybercriminals are more sophisticated than ever, and the ways they target corporate and consumer email users continued to evolve in Q2,” said Adrien Gendre, Chief Solution Architect at Vade Secure. “Microsoft Office 365 phishing is the gateway to massive amounts of corporate data, while gaining access to a consumer’s Facebook log-in information could compromise much of their personal, sensitive information. The fact that we saw such a significant volume in impersonations of these two brands, along with the coinciding new methods of attack, means that virtually all email users and organizations need to be on heightened alert.”

Don't miss