Microsoft Tops Phishing List

Thursday, October 25, 2018 @ 05:10 PM gHale

Brand recognition is what companies strive for, but when it comes to companies impersonated by phishers in North America, that is not a crowning achievement.

Along those lines, Microsoft remains the top company phishers like to impersonate, said research firm Vade Secure.

RELATED STORIES
CISO’s Know Breaches Inevitable
RATs a Risk to Industrial Networks
Insurance Firms Forecast More Cyber Losses
Lessons Learned One Year After Triton

The company compiles a list of the top 25 “phishers’ favorites” each quarter by tallying the number of new phishing URLs they detect.

In Q3 2018, Microsoft and PayPal have retained the two top places, and Netflix, Bank of America and Wells Fargo round out the top five.

It’s pretty obvious why Microsoft and PayPal are loved by phishers: the primary goal of Microsoft phishing attacks is to harvest Office 365 credentials.

“With a single set of credentials, hackers can gain access to a treasure trove of confidential files, data, and contacts stored in Office 365 apps. Moreover, hackers can use these compromised Office 365 accounts to launch additional attacks, including spear phishing, malware, and, increasingly, insider attacks targeting other users within the same organization,” the company said in a post.

They also warn about a marked increase of phishing emails pretending that the recipient has received a link to a file on OneDrive or SharePoint, and has to sign in to access the file.

PayPal credentials give phishers immediate financial payback. Netflix accounts are valuable for the payment card info contained in it, and as goods to be sold on the dark web.

The analysis of these latest phishing URLs also shows:
• Microsoft phishing emails are predominantly delivered during the working week (Tuesdays and Thursdays are preferred).
• Bank of America phishers cash in on weekends, when bank branches and customer service lines are closed.
• Netflix phishers prefer Sundays, likely because many new seasons of shows are released often on Fridays, and users are looking forward to watching them during the weekend. An email warning about a supposedly blocked account when users just want to watch something and relax is likely to improve the success of the phishing attack.
• Phishing is on the rise. The number of new phishing URLs across the 86 brands Vade Secure tracked rose 20.4 percent in Q3.



Leave a Reply

You must be logged in to post a comment.