Netflix Gets a Holiday Bump, #2 in Q4 Phishers’ Favorites Report

Microsoft remains the number one impersonated brand with 2.3 times more phishing URLs than Netflix driven by a rise in multi-phased attacks

SAN FRANCISCO, CALIF. - Jan. 23, 2019 - Vade, the global leader in predictive email defense, today published the results of its quarterly Phishers’ Favorites report which revealed that although Microsoft remains the top target for phishers, Netflix saw an incredible surge in Dec., making it the second most impersonated brand in Q4 2018. As a result of the increased activity surrounding Netflix, PayPal moved down the list to number three after having spent the past two quarters in the second seat. Banks round out the top five brands as Bank of America sits at number four and Chase at number five.

Additional data from the Q4 Phishers’ Favorites report includes:

  • Microsoft remains the #1 impersonated brand, receiving more than 2.3 times the number of phishing URLs than Netflix. One credential can provide hackers with a single entry point to all of the apps under the Office 365 platform—as well as the files, data, contacts, etc. stored in them - meaning that they can use these legitimate accounts to conduct insider attacks on colleagues or spear phishing attempts targeting business partners. These sort of multi-phased attacks have been steadily increasing over the past year, and show no signs of slowing down.
  • Netflix phishing spiked in December (+25.7 percent), and Christmas day was the single biggest day for Netflix phishing in all of 2018. Cybercriminals sending emails that “Netflix is having trouble with your current billing information” is a classic phishing technique, but that doesn’t mean people don’t fall for it. So many in fact that the FTC issued a warning in December. With many people binge-watching Netflix shows with their families over the holidays, the fear of having their account suspended provides a sense of urgency, causing them to take action and provide their billing information right away.
  • Hackers are sending the most phishing emails on Tuesdays and Wednesdays, a shift from Q3, where the most popular days were Tuesdays and Thursdays. One of the most interesting observations is that phishers primarily mimic the work week schedule. Specifically, Microsoft phishing spikes on Tuesday and Wednesday; remains strong Monday, Thursday, and Friday; and then drops significantly over the weekend. The only brand that sees strong phishing over the weekend is Bank of America, with cybercriminals taking advantage of the fact that banks and customer service lines are closed on Sundays and sending emails that incite fear.

“With phishers getting more sophisticated, we’ve seen a surge in the number of orchestrated multi-phased attacks being carried out,” said Adrien Gendre, Chief Solution Architect, Vade. “Their aim isn’t simply to harvest credentials but rather to leverage compromised Office 365 accounts to conduct targeted attacks laterally within the organization. That’s why cybersecurity defenses focused only on the perimeter are outdated. Organizations must rethink email protection to handle those threats coming from inside their organization.”

As with the previous editions (Q2 2018 and Q3 2018), the Phishers’ Favorites report was compiled by tallying the number of new phishing URLs detected each day by Vade and made publicly available on www.IsItPhishing.AI. Vade's machine learning algorithms identify the brand being impersonated as part of their real-time analysis of the URL and page content. A total of 86 brands are currently tracked and analyzed for purposes of Phishers’ Favorites.

Introducing Phishers’ Favorites Lake

Vade is introducing Phishers’ Favorites Lake, a free, interactive tool open exclusively to press, analysts, and bloggers that allows them to conduct their own analysis of Vade  Phishers’ Favorites data. Leveraging threat intelligence from 550 million protected mailboxes and 2 billion daily URLs, the Lake provides unprecedented insight into global phishing trends, including the most commonly impersonated brands in phishing attacks, and whether the volume of URLs for each brand is rising or falling.

Phishers’ Favorites Lake empowers third parties to find their own stories using the industry’s most comprehensive source of phishing intelligence. Interested parties can request access here.