As social media phishing reaches new heights, new data reviewing 2023 shows a massive effort by cybercriminals to leverage impersonation of social media brands.
Cybercriminals are no longer just targeting your corporate network. Due to the rise of the cybercrime economy, there are a growing number of cybercriminal gangs strictly going after initial access (that can be sold to other cybercriminals).
According to cybersecurity vendor Vade’s Phishers’ Favorites 2023 Year-in-Review Report, last year phishing emails containing a malicious impersonated URL topped 1.76 billion pointing to more than 197,000 unique phishing websites (that’s unique, meaning there are even more duplicates because of phishing kits with turnkey impersonation websites).
Facebook topped the list as the most impersonated brand, with Microsoft in tow in the second spot. Along with Facebook in the top 20 list were other social media brands including Instagram, Google, and WhatsApp. According to Vade, in total, social media brands saw a 113% increase in impersonation.
If you are wondering why go the long way around and target social media instead of just going for the Microsoft “jugular," the answer is simple – it’s likely those responsible for attacks on social media are looking for ways to continually cast a wider and wider net (of friends of friends of friends…), hoping to leverage the amassed set of compromised accounts as a means of eventually gaining access to banking, personal details, corporate accounts, and more.
And because social media is something each of us is thinking about simply consuming – and not something we need to be on guard when interacting with – it’s imperative that organizations ensure their employees remain vigilant via continual security awareness training.
KnowBe4 empowers your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.