Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now

Social Media Phishing Attacks Up More Than 70 Percent

Stu Sjouwerman | May 3, 2019
Phishing-Poster

Social media phishing, primarily on Facebook and Instagram, has seen a 74.7 percent increase in the first quarter of 2019. A new report on the current phishing landscape from predictive email defense company Vade Secure also shows that Microsoft has retained its spot as the most impersonated brand for four straight quarters, due to the potentially lucrative returns to be gained from Office 365 credentials.

It also reveals increasing sophistication in attacks. For example with Office 365 phishing attacks, cybercriminals will often mirror the actual Office 365 login page, pulling JavaScript and CSS directly from the legitimate website and inserting their own script to harvest credentials -- making sure that the phishing page is virtually indistinguishable from the real thing. In addition some will redirect users to legitimate Microsoft pages once they've submitted their credentials in an attempt to convince them that nothing is amiss.

"It seems like every quarter cybercriminals are upping their game and getting increasingly sophisticated, and Q1 2019 was no exception," says Adrien Gendre, chief solution architect at Vade Secure. "These hackers are now intimately familiar with how both consumer and corporate email users interact with the internet and are constantly evolving their techniques to trick users into clicking malicious links and providing their credentials. Multi-phased attacks are still on the rise as well, so all email users must be sure to keep a critical eye out for phishing and spear phishing emails, and organizations must take a comprehensive approach combining technology and training to protect their employees."

Attackers are also fooling filters by hiding phishing URLs among legitimate ones. In the case of Netflix phishing (the third most impersonated brand), emails sent to targets contained as many as six or seven legitimate Netflix links along with one malicious link.

You can read more about the findings on the Vade Secure blog and you can see the top 25 most phished brands in this graphic.  Source: betanews

Topics: Phishing

Stop Being a Target for Social Media Exploits

Social media is the new frontier for targeted spear phishing and credential theft. Use our Free Social Media Phishing Test to identify which users are likely to click malicious links or leak data on platforms like LinkedIn and X, and get your results in just 24 hours.

Get Your Free Test

Secure the Digital Workforce: Human + AI

KnowBe4 empowers the modern workforce to make smarter security decisions every day. Trusted by more than 70,000 organizations worldwide, KnowBe4 is the pioneer of digital workforce security, securing both AI agents and humans. The KnowBe4 Platform provides attack simulation and training, collaboration security, and agent security powered by AIDA (Artificial Intelligence Defense Agents) and a proprietary Risk Score. The platform leverages 15 years of behavioral data to combat advanced threats including social engineering, prompt injection, and shadow AI. By securing humans and agents, KnowBe4 leads the industry in workforce trust and defense.

Stu Sjouwerman

ABOUT STU SJOUWERMAN

Stu Sjouwerman (pronounced “shower-man”) is the Founder and Executive Chairman of KnowBe4, Inc., which hosts the world’s most popular integrated security awareness training and simulated phishing platform, with over 54,000 organization customers and more than 50 million users. A serial entrepreneur and data security expert with 30 years in the IT industry, Stu was the co-founder of Inc. 500 company Sunbelt Software, a multiple award-winning anti-malware software company that was acquired in 2010.

Read more from Stu »

Subscribe the KnowBe4 Blog

Posts By Topic

View All