Social Media Phishing Attacks Up More Than 70 Percent


Social media phishing, primarily on Facebook and Instagram, has seen a 74.7 percent increase in the first quarter of 2019. A new report on the current phishing landscape from predictive email defense company Vade Secure also shows that Microsoft has retained its spot as the most impersonated brand for four straight quarters, due to the potentially lucrative returns to be gained from Office 365 credentials.

It also reveals increasing sophistication in attacks. For example with Office 365 phishing attacks, cybercriminals will often mirror the actual Office 365 login page, pulling JavaScript and CSS directly from the legitimate website and inserting their own script to harvest credentials -- making sure that the phishing page is virtually indistinguishable from the real thing. In addition some will redirect users to legitimate Microsoft pages once they've submitted their credentials in an attempt to convince them that nothing is amiss.

"It seems like every quarter cybercriminals are upping their game and getting increasingly sophisticated, and Q1 2019 was no exception," says Adrien Gendre, chief solution architect at Vade Secure. "These hackers are now intimately familiar with how both consumer and corporate email users interact with the internet and are constantly evolving their techniques to trick users into clicking malicious links and providing their credentials. Multi-phased attacks are still on the rise as well, so all email users must be sure to keep a critical eye out for phishing and spear phishing emails, and organizations must take a comprehensive approach combining technology and training to protect their employees."

Attackers are also fooling filters by hiding phishing URLs among legitimate ones. In the case of Netflix phishing (the third most impersonated brand), emails sent to targets contained as many as six or seven legitimate Netflix links along with one malicious link.

You can read more about the findings on the Vade Secure blog and you can see the top 25 most phished brands in this graphic.  Source: betanews


Phishing Security Test

We've got something really cool for you: the new Phishing Security Test v3.0!

Sending simulated phishing emails is a fun and an effective cybersecurity best practice to patch your last line of defense… your users.

Find out the Phish-prone percentage of your organization with our free updated Phishing Security Test that now includes our New Industry Benchmarking. See where you stack up! Industry Benchmarking enables you to compare your organization’s Phish-prone percentage with others in your industry.

Find out how you are doing compared to your peers and see the difference 12 months can make after using the integrated KnowBe4 Simulated Phishing and Security Awareness Training platform!

With Our Updated Phishing Security Test:Phishing Security Test Screenshot

  • You can customize the phishing test based on your environment
  • Choose the landing page your users see after they click
  • Show users which red flags they missed, or a 404 page
  • Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
  • See how your organization compares to others in your industry


The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.

Start phishing your users now. Fill out the form, and get started immediately. There is no cost.

Get Your Free PST Now

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

Topics: Phishing

Subscribe To Our Blog

Weak Password Test Contest

Get the latest about social engineering

Subscribe to CyberheistNews