Social media phishing, primarily on Facebook and Instagram, has seen a 74.7 percent increase in the first quarter of 2019. A new report on the current phishing landscape from predictive email defense company Vade Secure also shows that Microsoft has retained its spot as the most impersonated brand for four straight quarters, due to the potentially lucrative returns to be gained from Office 365 credentials.
It also reveals increasing sophistication in attacks. For example with Office 365 phishing attacks, cybercriminals will often mirror the actual Office 365 login page, pulling JavaScript and CSS directly from the legitimate website and inserting their own script to harvest credentials -- making sure that the phishing page is virtually indistinguishable from the real thing. In addition some will redirect users to legitimate Microsoft pages once they've submitted their credentials in an attempt to convince them that nothing is amiss.
"It seems like every quarter cybercriminals are upping their game and getting increasingly sophisticated, and Q1 2019 was no exception," says Adrien Gendre, chief solution architect at Vade Secure. "These hackers are now intimately familiar with how both consumer and corporate email users interact with the internet and are constantly evolving their techniques to trick users into clicking malicious links and providing their credentials. Multi-phased attacks are still on the rise as well, so all email users must be sure to keep a critical eye out for phishing and spear phishing emails, and organizations must take a comprehensive approach combining technology and training to protect their employees."
Attackers are also fooling filters by hiding phishing URLs among legitimate ones. In the case of Netflix phishing (the third most impersonated brand), emails sent to targets contained as many as six or seven legitimate Netflix links along with one malicious link.
You can read more about the findings on the Vade Secure blog and you can see the top 25 most phished brands in this graphic. Source: betanews