The top 10 brands featured in revealed phishing attacks

0
8

<div _ngcontent-c15 = "" innerhtml = "

Millions of people around the world have now learned to control e-mails received from familiar brands with skepticism. The sad truth is that we receive more fake and malicious emails from the brands we trust than real ones. And now the last list of brands represented in such phishing campaigns has been released.

We all receive them continuously. Email with first-rate and (usually) derided English models, which inform us that our Microsoft or Facebook or Apple accounts have been blocked due to "suspicious activity". Fortunately, the email includes a link where we can quickly unlock the problem. The problem, of course, is that the e-mail is a scam and the link is an attempt to steal our credentials to access the real site.

Phishing campaigns attempt to solicit user action – you have limited time to unlock an account or you lose access, data or both, plausibility – e-mail is been promoted by something and you trust – the e-mail template and all the linked fake pages must imitate the familiar enough not to trigger the alarm. In addition to this, we are observing various levels of refinement and professionalism. Better mock-ups, better than first-grade English, links hidden behind the images, as examples.

According to the last report from Vade Secure, almost 80% of these phishing emails are sent on a weekday and Tuesday and Wednesday are the preferred days to mount an attack. You can relax (a little) at the weekend.

The Microsoft brand has a clear advantage in terms of phishing attacks. "In the course of the fourth & lsqb; last & rsqb", the researchers report, "our artificial intelligence engine detected the incredible figure of 20.217 single Microsoft phishing URL, for an average of over 222 per day. "And we've seen more reports over the past few days about new techniques for impersonating Microsoft and scam credentials, including one that created 404 custom pages to add a new twist to attack.

There are now more than 180 million Office 365 business users: it's a playground for attacks. And once an attacker steals your Office 365 credentials, the entire world of a Microsoft user account opens. Email accounts are one thing, but cloud storage units offer even richer withdrawals and it's all there for the take.

PayPal has the second place. And I guess most people who read this have received PayPal phishing messages at some point. Stealing the credentials of PayPal is a gold mine. An intelligent data collection plan is not necessary: ​​once entered into an account, the attackers have "an immediate refund for the phishers". And with the approach of 300 million active users, once again the field of play is vast.

Facebook comes in third place, with an annual growth in phishing attacks that uses the brand reaching an incredible 176%. Big tech, financial institutions and social media are the real danger e-mails and occupy the first three slots. Social media in general is seeing the fastest growth in phishing attacks and we will all see campaigns.

Once again, as with Microsoft, Facebook-branded attacks go beyond first-level access. Login credentials for Facebook can now be used to access a wide range of third-party sites and services. And, as always, once you're inside, you're there.

The complete list of the top 10 is here:

  1. Microsoft
  2. PayPal
  3. Facebook
  4. Netflix
  5. Bank of America
  6. Apple
  7. CIBC
  8. Amazon
  9. DHL
  10. DocuSign

The Vade Secure team highlighted the growth of Amazon-branded phishing attacks for a special mention. Year-on-year growth was a surprising 411% and you will probably remember the attacks targeted at Amazon Prime Day as an example of phishing that lurk behind events to introduce a certain level of plausibility in an attack.

As always, the usual advice applies. Do not follow the e-mail links to reset the security settings. Access apps and sites normally and follow the instructions for the security pages. Those pages are reported, they are not difficult to find. Soon you will know if it is a problem. Look at the domain names, make sure they look like what you'd expect.

And, even more critically, use common sense. Is this the type of email you would expect to receive? Otherwise, it is almost certainly a phishing attack or malware of some kind.

">

Millions of people around the world have now learned to control e-mails received from familiar brands with skepticism. The sad truth is that we receive more fake and malicious emails from the brands we trust than real ones. And now the last list of brands represented in such phishing campaigns has been released.

We all receive them continuously. Email with first-rate and (usually) derided English models, which inform us that our Microsoft or Facebook or Apple accounts have been blocked due to "suspicious activity". Fortunately, the email includes a link where we can quickly unlock the problem. The problem, of course, is that the e-mail is a scam and the link is an attempt to steal our credentials to access the real site.

Phishing campaigns attempt to solicit user action – you have limited time to unlock an account or you lose access, data or both, plausibility – e-mail is been promoted by something and you trust – the e-mail template and all the linked fake pages must imitate the familiar enough not to trigger the alarm. In addition to this, we are observing various levels of refinement and professionalism. Better mock-ups, better than first-grade English, links hidden behind the images, as examples.

According to the last report from Vade Secure, almost 80% of these phishing emails are sent on a weekday and Tuesday and Wednesday are the preferred days to mount an attack. You can relax (a little) at the weekend.

The Microsoft brand has a clear advantage in terms of phishing attacks. "During the last quarter," the researchers report, "our artificial intelligence engine detected the incredible figure of 20,217 single Microsoft phishing URL, for an average of over 222 per day. "And we've seen more reports over the past few days about new techniques for impersonating Microsoft and scam credentials, including one that created 404 custom pages to add a new twist to attack.

There are now more than 180 million Office 365 business users: it's a playground for attacks. And once an attacker steals your Office 365 credentials, the entire world of a Microsoft user account opens. Email accounts are one thing, but cloud storage units offer even richer withdrawals and it's all there for the take.

PayPal has the second place. And I guess most people who read this have received PayPal phishing messages at some point. Stealing the credentials of PayPal is a gold mine. An intelligent data collection plan is not necessary: ​​once entered into an account, the attackers have "an immediate refund for the phishers". And with the approach of 300 million active users, once again the field of play is vast.

Facebook comes in third place, with an annual growth in phishing attacks that exploits the brand reaching an incredible 176%. Big tech, financial institutions and social media are the real danger e-mails and occupy the first three slots. Social media in general is seeing the fastest growth in phishing attacks and we will all see campaigns.

Once again, as with Microsoft, Facebook-branded attacks go beyond first-level access. Login credentials for Facebook can now be used to access a wide range of third-party sites and services. And, as always, once you're inside, you're there.

The complete list of the top 10 is here:

  1. Microsoft
  2. PayPal
  3. Facebook
  4. Netflix
  5. Bank of America
  6. Apple
  7. CIBC
  8. Amazon
  9. DHL
  10. DocuSign

The Vade Secure team highlighted the growth of Amazon-branded phishing attacks for a special mention. Year-on-year growth has been a surprising 411% and you will probably remember the attacks targeted at Amazon Prime Day as an example of phishing hiding behind events to introduce a certain level of plausibility in an attack.

As always, the usual advice applies. Do not follow the e-mail links to reset the security settings. Access apps and sites normally and follow the instructions for the security pages. Those pages are reported, they are not difficult to find. Soon you will know if it is a problem. Look at the domain names, make sure they look like what you'd expect.

And, even more critically, use common sense. Is this the type of email you would expect to receive? Otherwise, it is almost certainly a phishing attack or malware of some kind.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.