Millions around the world have now learned to check emails received from familiar brands with skepticism. The sad truth is that we receive more malicious fake emails from the brands we trust than real ones. And the latest list of brands impersonated in such phishing campaigns has now been released.
We all receive them all of the time. Emails with first-grade English and (usually) casually mocked-up templates, informing us that our Microsoft or Facebook or Apple accounts have been locked due to “suspicious activity.” Thankfully, the email includes a link where we can quickly unlock the problem. The issue, of course, is that the email is a con and the link an attempt to steal our credentials to access the real site.
Phishing campaigns rely on three ingredients. Urgency: you have limited time to unlock the account or you lose access, data or both. Plausibility: the email appears to have been prompted by something. And trust: the mock-up of the email and any linked pages must mimic the familiar closely enough not to trigger alarm. Beyond that, we see varying levels of sophistication and professionalism: better mock-ups, better than first-grade English, links hidden behind images, to name a few.
According to the latest report from Vade Secure, almost 80% of these phishing emails are sent on a weekday—and Tuesday and Wednesday are the favorite days to mount an attack. You can relax (a little) at the weekend.
The Microsoft brand has a clear lead when it comes to phishing attacks. “Over the course of the [last] quarter,” the researchers report, “our AI engine detected a staggering 20,217 unique Microsoft phishing URLs, for an average of more than 222 per day.” And we have seen multiple reports even in the last few days around new techniques to impersonate Microsoft and scam credentials—including one that created bespoke 404 pages to add a devious new twist to the attacks.
There are now more than 180 million Office 365 business users; it's a playing field ripe for attack. And once an attacker steals Office 365 credentials, the whole of a Microsoft user's account opens up. Email accounts are one thing, but cloud storage drives offer even richer pickings, and it's all there for the taking.
PayPal takes the second spot, and I would guess that most people reading this have received PayPal phishing messages at some point. Stealing PayPal credentials is a goldmine. There's no need for a clever data harvesting plan: once into an account, attackers have "instant payback for phishers." And with approaching 300 million active users, again the playing field is vast.
Facebook comes in third, with year-on-year growth in phishing attacks using the brand reaching a staggering 176%. Big tech, financial institutions and social media are the brands whose spoofed emails pose the real danger, and they occupy the top three slots. Social media in general is seeing the fastest growth in phishing attacks, and we will all have seen campaigns.
Again, as with Microsoft, Facebook-branded attacks go beyond first-tier access. Facebook login credentials can now be used to access a wide range of third-party sites and services. And, as ever, once you’re in—you’re in.
The full list of the top-10 is here:
- Bank of America
The Vade Secure team highlighted the growth in Amazon-branded phishing attacks for particular mention. Year-on-year growth has been an eye-watering 411%, and you will likely remember the attacks targeted at Amazon Prime Day as an example of phishers hiding behind events to introduce some level of plausibility to an attack.
As ever, the usual advice applies. Don't follow email links to reset security settings. Open the app or site as you normally would and navigate to its security pages; they are clearly signposted and not difficult to find, and you'll soon know if there is a real issue. Look at domain names and make sure they are what you'd expect.
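The "look at the domain names" advice can be automated for a mailbox or a mail gateway. The following is an added example, not code from the article or from Vade Secure: it pulls every link out of an HTML email body and flags two of the patterns described above, a hostname that name-drops a brand (Microsoft, PayPal, Facebook, Amazon) while actually belonging to some other registrable domain, and anchor text that displays one address while the href points at another. The brand-to-domain allow-list and the sample email are constructed for illustration and are assumptions, not data from the report.

```python
"""Flag suspicious links in an HTML email body (illustrative example)."""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed allow-list of legitimate registrable domains per brand. Illustrative
# only; a real deployment would maintain and verify its own list.
BRAND_DOMAINS = {
    "microsoft": {"microsoft.com", "live.com", "office.com", "microsoftonline.com"},
    "paypal": {"paypal.com"},
    "facebook": {"facebook.com", "fb.com"},
    "amazon": {"amazon.com"},
}


def registrable_domain(host):
    """Last two labels of a hostname. Good enough for .com-style TLDs; a real
    tool would consult the Public Suffix List to handle e.g. co.uk."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in the body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def extract_links(html):
    parser = _LinkCollector()
    parser.feed(html)
    return parser.links


def check_link(href, text):
    """Return the reasons a link looks suspicious; an empty list means clean."""
    reasons = []
    parsed = urlparse(href)
    host = (parsed.hostname or "").lower()
    if parsed.scheme not in ("http", "https") or not host:
        return ["unparseable or non-http link"]
    domain = registrable_domain(host)

    # Check 1: a brand name appears in the host or path, but the registrable
    # domain is not one the brand actually owns. Note the substring match is
    # deliberately broad (it would also flag e.g. a brand's CDN domain).
    for brand, good_domains in BRAND_DOMAINS.items():
        if (brand in host or brand in parsed.path.lower()) and domain not in good_domains:
            reasons.append(f"mentions {brand} but resolves to {domain}")

    # Check 2: the anchor text is itself a URL or hostname that does not match
    # where the link really goes (the classic "www.paypal.com" display trick).
    shown = text.lower()
    if "://" in shown or shown.startswith("www."):
        shown_host = urlparse(shown if "://" in shown else "http://" + shown).hostname or ""
        if shown_host and registrable_domain(shown_host) != domain:
            reasons.append(f"displays {shown_host} but links to {host}")
    return reasons


def scan_email(html):
    """Return [(href, text, reasons)] for every link that tripped a check."""
    results = []
    for href, text in extract_links(html):
        reasons = check_link(href, text)
        if reasons:
            results.append((href, text, reasons))
    return results


# Constructed sample body mimicking a lock-out phish; not a real message.
SAMPLE_EMAIL = """
<p>Your Microsoft account has been locked due to suspicious activity.</p>
<a href="https://login.microsoft-support.example/unlock">Unlock now</a>
<a href="https://paypal.com.account-verify.example/">www.paypal.com</a>
<a href="https://www.office.com/">Open Office</a>
"""

if __name__ == "__main__":
    for href, text, reasons in scan_email(SAMPLE_EMAIL):
        print(f"{href!r} ({text!r}): {'; '.join(reasons)}")
```

Running it flags the first two links and leaves the genuine office.com link alone. The second link is caught twice, once because "paypal" sits in a hostname whose registrable domain is account-verify.example, and once because the visible text claims www.paypal.com. The check is intentionally conservative about what it calls clean: a brand domain it has never heard of will be flagged, which is the right default for a gateway rule a human reviews afterwards.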
And, even more critically, use common sense. Is this the kind of email you’d expect to receive? If not, then it’s almost certainly a phishing or malware attack of some sort.