Vade Discovers Phishing Attack Targeting 550M Email Users
Adrien Gendre
—April 26, 2018
—2 min read

Vade has discovered a new phishing attack that represents more than 550 million emails sent since Q1 2018. First detected in early January, the phishing attack is targeting consumers around the world. Countries with high concentrations of impacted email users include the US, UK, France, Germany, and the Netherlands.
The phishing attack attempts to steal users’ bank account details by offering them a coupon or discount in exchange for participating in a quiz or online contest. The emails masquerade as popular brands, online streaming services, and telecom operators based on the country of the recipients. Examples include Canada Pharmacy in the US, as well as Orange and Carrefour in France. Moreover, the content of the messages is adapted according to the local language.
Here are a few examples of the actual phishing emails:
What's different about this phishing attack?
Phishing pages are typically hosted on pirated websites. In this case, the IP addresses, servers, and domain names appear to be leased and therefore legitimate. Because the infrastructure cost is high, amounting to several tens of thousands of dollars, the attack is likely being undertaken by a serious criminal organization. Furthermore, the hackers have used tools to shorten URLs and link several hundred URLs together, in order to hide the ultimate destination address and jam detection tools.
Because of the sophistication of these techniques, the phishing attack was not detected by many existing email security solutions. This validates findings from Gartner that “advanced threats are easily bypassing the signature-based and reputation-based prevention mechanisms that a secure email gateway (SEG) has traditionally used.”
By contrast, Vade predictive email defense technology has blocked the phishing emails since the attack commenced in January. We were able to do this because our solution leverages artificial intelligence and advanced techniques for analyzing URLs and threat context in real time to block unknown, highly dynamic attacks.
Volume of unique phishing attacks surges past malware in Q1 2018
Lately, malware and ransomware have garnered the lion’s share of media attention. This is being driven by a string of high-profile attacks, including the Quant Loader trojan, the resurgence of Wannacry, and the ransomware attack that crippled the city of Atlanta. Not surprisingly, Google Trends reveals that searches for malware have consistently outpaced those for phishing over the last 12 months:
Despite all the hype surrounding malware, phishing attacks are actually the bigger, more immediate threat to both consumers and corporations. According to data from the Vade SOC, the number of unique malwares caught by our filter exceeded the number of unique phishing emails throughout 2017, spiking in November. With the launch of this new attack in January 2018, however, unique phishing emails surged past malware. In fact, the ratio of phishing to malware was nearly 21:1 in Q1 2018.
Advice for avoiding phishing attacks
It’s clear that phishing continues to be a popular cyberattack vector for hackers. The reason is that phishing attacks are easy to implement and highly effective. Studies show that a staggering 30 percent of phishing emails get opened.
To avoid becoming a victim, consider the following advice:
- Always be vigilant even if the email message appears to be coming from a familiar brand. Hackers prey on unsuspecting victims by masquerading as popular brands, such as Microsoft, Drobox, Facebook, Apple, etc.
- A company will never ask for personally identifiable information (e.g. social security, credit card, bank account number) via email.
- Never click on a link if the email seems suspicious to you. If you're concerned about a link, use Vade free service www.isitphishing.ai to check whether it’s a phishing page or not.