Microsoft, Netflix, and PayPal Continue to Be the Most Phished Companies in North America


Protecting internet users is no small task, and a major part of the effort goes into monitoring the threat landscape. By knowing what's trendy in the world of cybercrime, security companies can be better prepared to adapt their products and hopefully provide more effective protection. Phishing is one of the activities that never seems to go out of fashion, but even so, monitoring the phishers' habits is still important because it helps companies build better anti-phishing filters and employee training programs that should fend off most of the attacks.

That's why, every few months, Vade Secure, an email security company, share bits of the telemetry they record in North America. Yesterday, they published their findings for the third quarter of 2018. Here's what they have.

More phishing URLs, fewer emails per URL

Scammers love phishing. They always have, and by the looks of things, they always will. In fact, Vade Secure noticed a sizable uptick in the number of phishing URLs during Q3. The increase sits at just over 20%, but there's another statistic that's even more interesting. The data shows that in the third quarter, the number of emails per URL was down 64%. This is good news for the scammers and bad news for us.

The figures suggest that it's now easier than ever to compromise someone else's website and host a phishing page on it. The uptick in the number of URLs shows that it is indeed happening on a larger scale. This, in turn, means that there can be more messages with a unique URL, and because of that, the crooks stand a better chance of slipping the phish through the blacklist-based filters.
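To make the blacklist limitation concrete, the following added example (not from Vade Secure or the original article) compares an exact-match URL blocklist with a simple brand-impersonation heuristic. The brand tokens, the non-exhaustive domain lists, and all URLs are constructed assumptions.

```python
from urllib.parse import urlsplit

# Illustrative, non-exhaustive allowlist (assumption):
# brand -> (tokens to look for, domains the brand really uses).
BRANDS = {
    "microsoft": (("microsoft", "office365", "sharepoint"),
                  {"microsoft.com", "office.com", "live.com",
                   "microsoftonline.com", "sharepoint.com"}),
    "paypal": (("paypal",), {"paypal.com"}),
    "netflix": (("netflix",), {"netflix.com"}),
}

def registered_domain(host):
    # Naive: last two labels. Production code should use the Public Suffix List.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def blocklist_hit(url, blocklist):
    # Exact-match lookup, as a basic URL blacklist filter would do.
    return url in blocklist

def impersonated_brand(url):
    # Return the brand named in the host or path of a URL that is not
    # served from one of that brand's own domains, else None.
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    haystack = host + parts.path.lower()
    domain = registered_domain(host)
    for brand, (tokens, domains) in BRANDS.items():
        if domain not in domains and any(t in haystack for t in tokens):
            return brand
    return None

# Constructed sample data: one previously reported URL, then new traffic.
BLOCKLIST = {"http://blog.example.org/wp-content/office365/login.php?id=a0"}
SAMPLE_URLS = [
    "http://blog.example.org/wp-content/office365/login.php?id=a1",
    "http://shop.example.net/images/paypal/signin.html",
    "http://netflix-billing.example.com/update",
    "https://login.microsoftonline.com/common/oauth2/authorize",
    "https://www.paypal.com/signin",
    "http://news.example.org/article/42",
]

def evaluate(urls, blocklist):
    return [(u, blocklist_hit(u, blocklist), impersonated_brand(u)) for u in urls]

if __name__ == "__main__":
    for url, listed, brand in evaluate(SAMPLE_URLS, BLOCKLIST):
        print(f"{'LISTED' if listed else 'unlisted':8} {brand or '-':10} {url}")
```

None of the sample URLs matches the blocklist, even though the first differs from a listed URL only in its query string. The token heuristic will also flag legitimate pages that merely mention a brand, so it works best as one scoring signal rather than a verdict.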

As you can see, organizing a phishing campaign isn't as simple as spraying numerous inboxes with a large number of scam emails. Despite this, the crooks are ready to go through all the trouble, and that's because the potential gain is huge. But how do they monetize their efforts exactly?

Using Microsoft’s products? Be careful with the links in your inbox

Vade Secure track the phishing emails aimed at the users of 86 organizations, which, they reckon, account for more than 95% of all the phishing traffic. The most commonly impersonated of these organizations for the second quarter in a row is Microsoft. In fact, after scoring a 24% quarter-over-quarter increase in the number of phishing URLs, the software giant sits head and shoulders above all the other organizations. In Q3, an average of 235 Microsoft phishing URLs were detected per day.

It might come as a bit of a surprise to you that Microsoft, and not a financial institution, for example, leads the pack. When you think about it, however, you'll see that attacking users of Redmond's products makes a fair bit of sense.

Not that long ago, Microsoft started marketing its Office365 products as the one-size-fits-all solution for all the tasks you normally need to take care of in the corporate environment. Because a user accesses all these products through a single username and password pair, these credentials suddenly become quite valuable, as they give attackers the chance to infiltrate and potentially tamper with many of the tools employees use every day. Getting this sort of access opens the door for data stealing, and it could also help crooks move deeper within the organization, phish credentials from other employees, etc.

Vade Secure pointed out that for the most part, crooks used two main scenarios when targeting Microsoft users. The first one is fairly traditional – the target's account has been suspended, and they must log in as a matter of urgency in order to remediate the issue. The other revolves around Microsoft's SharePoint file-sharing service – someone has supposedly shared a file with the victim, but before they can view it, the targets must enter their usernames and passwords. In both cases, the fake login pages were virtually indistinguishable from the real thing.

PayPal and Netflix users are also in the crooks’ sights

The second most targeted organization is PayPal. In Q3, Vade Secure registered a 30% increase in the number of phishing URLs impersonating one of the world's biggest payment processors. Compared to more traditional financial institutions, PayPal attracts many more hackers, which shouldn't really be a surprise considering the enormous user base and the potential for a quick financial gain.

Financial gain is at the bottom of the attacks on Netflix as well. The streaming platform comes in at Number 3 on the list of the phishers' favorite organizations. People like consuming content, but they're not too keen on paying big money for it. As a result, stolen Netflix usernames and passwords are pretty popular on hacking forums, and crooks who have large numbers of credentials often walk away with a substantial profit.

No real surprises in the Top 10

All in all, the entries in Vade Secure's list shouldn't shock anyone. Here are the Top 10:

  1. Microsoft
  2. PayPal
  3. Netflix
  4. Bank of America
  5. Wells Fargo
  6. Facebook
  7. Chase
  8. Orange
  9. DHL
  10. Dropbox

Perhaps the only surprise is Facebook's drop. In Q2, the social media giant was in third place, but after the number of detected phishing emails was slashed by a third, it dropped down to sixth in the third quarter. We can only speculate whether the Cambridge Analytica scandal and other more recent incidents have led to the slump, but the theory doesn't sound too improbable.

Chances are, you have an account with at least one of the services in the Top 10, but even if you don't, you must never discount the danger of phishing emails. You might think that you know what you're doing, but you'd be surprised to see how many experienced, tech-savvy users sometimes fall victim to what is widely considered a fairly unsophisticated attack. Keeping your wits about you at all times, especially when you're browsing through the contents of your inbox, is essential.

October 25, 2018