Vade Secure has found that PayPal is now the most impersonated brand in phishing attacks, surpassing Microsoft for the first time, Help Net Security reports. Vade detected 16,547 unique PayPal phishing URLs in Q3 2019, which is a 69.6% increase over the same period last year.
PayPal was followed by Microsoft, Netflix, Facebook, Bank of America, Apple, Chase, CIBC, Amazon, and DHL. Vade noted that the financial industry was the most impersonated sector for the first time, with 38% of all phishing URLs impersonating these companies.
Adrien Gendre, Chief Solution Architect at Vade Secure, said in a statement that this shift indicates that attackers are profiting off of these attacks.
“For consumers, the rise of PayPal phishing, combined with the prevalence of financial institutions in our top 25, means that cybercriminals are making a concerted effort to target your wallet,” Gendre said. “My advice is to stay vigilant and follow best practices to ensure that you and your bank account are not victimized.”
Another notable finding was that although Microsoft phishing attempts dropped by 31% in Q3 2019, attackers are increasingly using randomization techniques to bypass email security filters. For example, they’ve been observed using similar but slightly different versions of Microsoft’s logo to fool detection mechanisms that look for brand impersonation attempts. This suggests that the attackers are focusing on effectiveness rather than quantity with regard to Microsoft phishing attacks.
Attackers are always shifting their methods to stay ahead of defenders. New-school security awareness training can help your employees keep up with the constantly changing threat environment.
Help Net Security has the story: https://www.helpnetsecurity.com/2019/11/11/office-365-phishing-techniques-evolve/
Here's how it works:
