TechViews News …..
Everyone knows what phishing is, right?
Phishing scams are almost always emails that appear to be from a legitimate business that needs your urgent attention on some matter.
From there, scammers will try to get you to click on their spoofed, fake and malicious links and steal your credentials. If you’re not careful, that is all these criminals need to gain access to a treasure trove of personal information like credit card numbers, personal data and other confidential files.
But did you know that some companies are favorites when it comes to bogus emails? The payoff in victimizing certain accounts is greater, so naturally, scammers allocate more of their resources to target specific brands.
In fact, to shed light on the matter, a new report on the top phishing brands has been published.
Phishers’ Favorites Top 25
Email security firm Vade Secure recently published the second edition of its “Phishers’ Favorites” list and there are no surprises here — Microsoft, Paypal, and Netflix still lead the pack of the most-phished brands in the U.S.
The “Phishers’ Favorites” is a newly developed quarterly report that tracks the 25 most commonly faked brands in North America, including their movement in the rankings from the prior report. A total of 86 brands are currently being tracked since they account for 95 percent of all phishing URLs.
What’s surprising, though, is the significant drop in social media phishing, mainly because of attention given to Facebook’s massive collection of personal data from its subscribers.
Microsoft remains the top phishing favorite
Retaining the top spot from the second quarter report is Microsoft and the difference is not even close.
Microsoft phishing emails grew by 23.7% from the last report, maintaining its trend of growth for each quarter.
Why are Microsoft phishing attacks still extremely popular? Well, aside from Windows still having the largest desktop computer user base in the world, the cloud-based component of Microsoft’s services makes it extra enticing. The most vulnerable Microsoft targets are users subscribing to Office 365.
Nowadays, if a hacker manages to steal Office 365 credentials, not only can they access sensitive files from anywhere that users access their Microsoft logins, they can also use a compromised account as a springboard for more phishing attacks from within a company or a home user’s system.
“The primary goal of Microsoft phishing attacks is to harvest Office 365 credentials. With a single set of credentials, hackers can gain access to a treasure trove of confidential files, data, and contacts stored in Office 365 apps, such as SharePoint, OneDrive, Skype, Excel, CRM, etc.,” wrote Vade Secure in its report.
“Moreover, hackers can use these compromised Office 365 accounts to launch additional attacks, including spear phishing, malware, and, increasingly, insider attacks targeting other users within the same organization,” the company added.
The most common Microsoft phishing techniques involve fake sign-in pages that look exactly like the real thing. For example, scammers are sending phishing emails that warn about suspended or disabled Office 365 access, creating “a sense of urgency” for the recipient to enter their credentials immediately, thinking they are logging into their real Microsoft accounts.
Another common technique is fake file sharing from a OneDrive or SharePoint account. As always, the hook with these scams is that in order to view the shared file, the target has to enter their Microsoft account credentials.
Runners-up: Paypal and Netflix
Paypal held on to second place with a 29.9% increase in phishing addresses. Why is Paypal so popular? Well aside from its massive user base, a Paypal account has financial and banking information that scammers can exploit for a quick buck.
Moving up from fourth to third place is Netflix, which scored a large 61.9% increase in phishing addresses. Netflix phishing scams are on the rise because aside from harvesting credit card details, Netflix credentials are also being sold in the Dark Web for cheap.
What’s happening is that these scammers are sending fake emails claiming to be from Netflix in an effort to steal your information.
The email tells the customer that they need to update their membership information. Guess what? In reality, these are just phishing scams attempting to trick you into entering your login information into their counterfeit website.
And naturally, making it to the top 5 are two widely used financial institutions – Bank of America with a big 57.4% growth and Wells Fargo, which netted a 21.5% increase.
Apple and Google are lower on the list than I expected, ranking at 14 and 15, respectively.
Facebook moved down
One surprising development in this quarter’s report is the progressive decline of phishing attempts on Facebook. Phishing URLs for Facebook already dropped significantly by 53% in the second quarter and dropped even further by 35.6% in the third quarter.
How come? Facebook’s devastating fallout from the Cambridge Analytica fiasco and increased attention from internet watchdogs are some of the probable reasons why scammers are staying away from Facebook at this time.
Targeted phishing is on the rise
It’s interesting to note that while the number of phishing attacks on the whole is rising, hackers are increasingly relying on social engineering than software exploits and malware. Vade Secure said the total number of new phishing URLs across the tracked 86 brands rose a whopping 23.4% in the third quarter of 2018 alone.
Phishing scammers are also employing new targeting techniques to evade detection. By crafting unique URLs for targeted emails, they can avoid detection from email security software and filtering tools.
So instead of sending the emails in bulk from a single URL, it looks like scammers are splitting them up with multiple addresses to bypass phishing message filters.
Top days for phishing
Here are more interesting facts from Vade Secure’s report: the most common days when scammers send out their phishing emails the most. Apparently, cybercriminals also adhere to general marketing strategies when they send out their fake emails to increase their chances of success.
Microsoft phishing emails are sent out during weekdays, peak Tuesdays and Thursdays and understandably drop off during weekends.
The reverse is true with Netflix as phishing attacks peak during the weekends, the days when subscribers are streaming the most.
Banking phishing attacks also peak Saturdays and Sundays since bank customer support are typically closed on weekends, making it harder for the targets to verify the authenticity of a bank phishing email.
How to protect yourself against phishing scams:
- Use unique passwords – Many people use the same password for multiple websites. This is a terrible mistake. If your credentials are stolen on one site and you use the same username and/or password on others, it’s simple for the cybercriminal to get into each account.
- Be cautious with links – If you get an email or notification that you find suspicious, don’t click on its links. It could be a phishing attack. It’s always better to type a website’s address directly into a browser than clicking on a link. Before you ever click on a link, hover over it with your mouse to see where it is going to take you. If the destination isn’t what the link claims, do not click on it.
- Set up two-factor authentication – Two-factor authentication, also known as two-step verification, means that to log in to your account, you need two ways to prove you are who you say you are. It’s like the DMV or bank asking for two forms of ID.
- Watch for typos – Phishing scams are infamous for having typos. If you receive an email or notification from a reputable company, it should not contain typos.
- Check your online accounts – The site HaveIBeenPwned allows you to check if your email address has been compromised in a data breach.
- Have strong security software – Having strong protection on your family’s gadgets is very important. The best defense against digital threats is strong security software.
Be Safe – Backup Your Data Regularly!
And don’t forget to take advantage of our FREE subscription to the TechViews News Updates. You will receive all of our updates and posts the moment they are published.