Microsoft Takes Top Spot in Inaugural Phishers’ Favorites Top 25 List

Today, we’re excited to unveil a new quarterly insights series called Phishers’ Favorites. Inspired by Billboard’s charts of the top songs and albums, the Phishers’ Favorites list highlights the 25 most commonly spoofed brands in North America in Q2 2018, including their current position and how many spots they moved up or down since the previous quarter.

The list was compiled by tallying the number of new phishing URLs analyzed and detected each day by Vade filter engine. Examples of these URLs and their corresponding pages are available on www.IsItPhishing.AI. One note: as the list focuses strictly on phishing URLs, it’s difficult to project email volumes using this data alone. Many hackers use a single URL for tens or hundreds of thousands of emails, while others use a unique URL for each phishing email to avoid detection by reputation-based security defenses.

Without further ado, here is the inaugural Phishers’ Favorites infographic, with more detailed analysis and commentary below. Enjoy! And be sure to check back next quarter to see how the list evolves.


Microsoft Claims the #1 Spot as Office 365 Attacks Surge

In Q2 2018, Microsoft unseated incumbent Facebook for the top spot, propelled by a 57% increase in phishing URLs. With adoption of Microsoft Office 365 surging, it’s clear that Office 365 has become the number one target for corporate phishing attacks. The reason is that it’s highly profitable to compromise an Office 365 account. Hackers see email-based attacks as an easy entry point into a treasure trove of data, files, and contacts from other Office 365 apps—including SharePoint, OneDrive, Skype, Excel, CRM, etc.


Office 365 phishing page Office 365 phishing page. Source: www.IsItPhishing.AI


Just look at how much Microsoft-based phishing URLs dwarf other brands in the top 10:

Coming in a distant second was PayPal, which moved up one spot thanks to a 16% increase in phishing URLs. PayPal has always been one of the most targeted brands by phishers, and for obvious reasons: it is the most widely used online payment service worldwide, with more than 237 million active users as of Q1 2018. It’s also accepted by a many online vendors worldwide, making PayPal credentials highly lucrative.

Facebook dropped two spots to #3 on the heels of a 54% decline in phishing URLs. Facebook has historically been a popular phishing target, as accounts not only contain rich consumer data but they are also used to access numerous third-party apps and services. Yet, Facebook’s efforts to increase the security, perhaps combined with greater scrutiny of the platform in the wake of the Cambridge Analytica scandal, led hackers to target Facebook much less in Q2.

Cloud dominates but not all vendors saw increased phishing attacks

In addition to looking at individual brands, we categorized them based on industry to see what additional trends we could uncover. Financial services had the most companies in the top 25 with seven, followed by cloud (6), e-commerce/logistics (5), internet/telco (4), and social media (3). Yet, cloud dominated other sectors, representing 50% of total phishing URLs, followed by financial services (26%), social media (11%), e-commerce/logistics (8%), and internet/telco (5%).

In terms of cloud, Microsoft clearly contributed significantly to the category’s overall 21% increase in phishing URLs in Q2. Netflix also played a key role, with a 50% rise in phishing URLs that pushed it up three spots to #4. The streaming video service is a popular target for hackers, likely because of its large and rapidly growing global footprint, with 125 million streaming subscribers as of Q1 2018. Moreover, as Wire reported late last year, Netflix phishing attacks not only harvest Netflix credentials but also credit card information by pretending that the user’s account has been suspended due to a billing issue.


Netflix phishing page Netflix phishing page. Source: www.IsItPhishing.AI


What’s interesting is that three major cloud companies—Google, Dropbox, and DocuSign—all saw double-digit declines in phishing URLs in Q2. It’s hard to pinpoint a single reason for this drop. In the case of Google, it may be the result of recent efforts to beef up security for Gmail accounts, or the fact that in the corporate market, its market share simply isn’t growing as fast as Office 365.

Financial services remain a popular target; cryptocurrency phishing is a trend to watch

While financial services ranked second in terms of total phishing URLs, the category saw the biggest quarterly growth at 29%. Bank of America drove the most meaningful contribution to this growth with a 135% increase in phishing URLs. PayPal, Wells Fargo, and Credit Agricole saw more modest growth, while Banque Populaire, Chase and USAA saw double-digit declines. RBC saw the biggest overall percentage increase (767%) of the entire top 25, but this was on a much smaller base of phishing URLs.


Bank of America phishing page Bank of America phishing page. Source: www.IsItPhishing.AI


Lastly, one thing that’s not represented on the Phishers’ Favorite list but is a trend worth monitoring is the growth of cryptocurrency phishing attacks. Cryptocurrency services and marketplaces, such as Luno, Bittrex or Blockchain, are increasingly the subject of phishing attacks, as the popularity—and value—of cryptocurrency grows. Moreover, the fact that there’s minimal legal background or precedent in this area makes them more attractive targets.


Luno phishing page Luno phishing page. Source: www.IsItPhishing.AI



Learn more about  Office 365 protection! Download our latest eBook