Cybercriminals Get Social; Facebook and Instagram Phishing Rose Dramatically in Q1 2019

Vade Secure’s Q1 Phishers’ Favorites Report Also Investigates the Increasingly Sophisticated Tactics Being Utilized by Cybercriminals Targeting Office 365 and Corporate Email Users

Vade Secure, the global leader in predictive email defense, published the results of its Phishers’ Favorites report for Q1 2019, which reveals that social media phishing, primarily Facebook and Instagram, saw the highest quarter-over-quarter growth of any industry with a 74.7 percent increase. While Facebook has been in the top 10 since the report’s inception, Instagram cracked the top 25 for the first time, taking the #24 spot on the Phishers’ Favorites list.

With the headlines about Facebook storing hundreds of millions of user passwords in plain text, and requiring some new users’ email passwords in order to sign up, Vade Secure believes that hackers could have been taking advantage of the confusion and concerns of Facebook users to lure them into clicking on phishing pages. The company also detected the same phishing attack that was publicized in early March around Instagram phishing emails claiming to offer a verified Instagram badge to trick recipients into providing their credentials.

Microsoft remains the most phished brand, as hacker techniques continue to evolve

Overall, Microsoft remained the most impersonated brand in phishing attacks for the fourth straight quarter. Microsoft’s sustained popularity with hackers stems from the lucrativeness of Office 365 credentials, which provide a single entry point to the entire Office 365 suite while enabling them to conduct multi-phased attacks using compromised accounts.

Marketing Technology News: Price f(x) Introduces Innovative Plug-and-Play CRM Integration and Enhanced Features to CPQ Solution

Moreover, analysis of phishing emails and pages reveals that attackers are getting increasingly sophisticated with attacks targeting corporate email users. A few techniques include:

  • Mirroring real brand assets. With Office 365 phishing attacks, cybercriminals will often mirror the actual Office 365 login page, pulling JavaScript and CSS directly from the legitimate website and inserting their own script to harvest credentials – making sure that the phishing page is virtually indistinguishable from the real thing.
  • Redirecting to legitimate content. Vade research found that many Microsoft phishing pages actually redirected users to legitimate Microsoft pages once they’d submitted their credentials in an attempt to convince them that nothing was amiss. In addition, the “reply-to” address in some phishing emails was a legitimate Microsoft email
  • Mixing safe and malicious URLs. In the case of Netflix phishing (the #3 most impersonated brand), the emails sent to targets contained as many as six or seven legitimate Netflix links along with one malicious link. This technique is aimed at fooling both reputation-based email filters and users, who check one or two links and then assume that the entire email is legitimate.
  • Preying upon mobile email readers. Many Netflix users do not sign up for accounts using their corporate email address; yet Vade found that corporate users are often the targets of Netflix phishing. Because of the way email is viewed on mobile devices – often multiple accounts from one app – cybercriminals are likely hoping that users won’t notice, assuming that the email was sent to their correct address.

Marketing Technology News: Enterprise Bank & Trust Partners with Bounteous and Acquia to Launch Brand New Marketing and Technology Experience

“It seems like every quarter cybercriminals are upping their game and getting increasingly sophisticated, and Q1 2019 was no exception,” said Adrien Gendre, Chief Solution Architect, Vade Secure. “These hackers are now intimately familiar with how both consumer and corporate email users interact with the internet and are constantly evolving their techniques to trick users into clicking malicious links and providing their credentials. Multi-phased attacks are still on the rise as well, so all email users must be sure to keep a critical eye out for phishing and spear phishing emails, and organizations must take a comprehensive approach combining technology and training to protect their employees.”

As with the previous editions, the Phishers’ Favorites report was compiled by tallying the number of unique phishing URLs detected by Vade Secure and made publicly available. Leveraging data from more than 600 million protected mailboxes worldwide, Vade’s machine learning algorithms identify the brand being impersonated as part of their real-time analysis of the URL and page content.

Marketing Technology News: Tetra TV Launches Transparent Advertising Network for Connected TV