Vade Secure’s Q2 Phishers’ Favorites Report details cybercriminals’ tactics for targeting Office 365 email users and impersonating major brands such as PayPal and Amazon

BOSTON, Mass. – August 22, 2019 – Vade Secure, the global leader in predictive email defense, today published the results of its Phishers’ Favorites report for Q2 2019. According to the report, which ranks the 25 most impersonated brands in phishing attacks, Microsoft was by far the top target for the fifth straight quarter. There was also a significant uptick in Facebook phishing, as the social media giant moved up to the third spot on the list as a result of a staggering 176 percent YoY growth in phishing URLs.

The report, which can be read in full here, was developed by analyzing the number of unique phishing URLs detected by Vade Secure and made publicly available on www.IsItPhishing.AI. Leveraging data from more than 600 million protected mailboxes worldwide, Vade’s machine learning algorithms identify the brand being impersonated as part of its real-time analysis of the URL and page content.

Microsoft phishing continues to dominate

Microsoft has ranked number one on the Phishers’ Favorites list every quarter since the official rankings were first released over a year ago. In Q2 2019, Vade’s AI engine detected 20,217 unique Microsoft phishing URLs, for an average of more than 222 per day. This represents a 15.5 percent YoY increase, compared to Q2 2018.

Microsoft phishing has become a potential goldmine thanks to the growth of Office 365, which boasts more than 180 million active monthly business users. Office 365 is increasingly the heart of companies, providing the essential services (email, chat, document management, project management, etc.) that businesses depend on to run. Each set of Office 365 credentials provides a single entry point not just to the entire platform but the entire business, allowing cybercriminals to launch insider attacks targeting anyone in the organization in just one step. 

Facebook surges

Facebook phishing has been on a tear throughout 2019 and advanced one spot up to number three in Q2 thanks to a 175.8 percent increase in phishing URLs. One explanation for this rise in popularity could be the prevalence of social sign-on using Facebook accounts, a feature called Facebook Login. This is particularly attractive to cybercriminals because they’ll be able to see what other apps the user has authorized via social sign-on, and potentially compromise those accounts as well.

Additional key findings within the Q2 Phishers’ Favorites report include:

  • PayPal (#2), Netflix (#4), Bank of America (#5), Apple (#6), CIBC (#7), Amazon (#8), DHL (#9) and DocuSign (#10) rounded out the top 10 most impersonated brands.
  • Amazon phishing URLs saw a massive spike in Q2 – growing 182.6 percent over Q1, and 411.5 percent YoY. This coincides with reports of a new Amazon phishing kit in May, as well as the lead up to Prime Day 2019.
  • In terms of the most impersonated industries, cloud companies took the top spot for the fifth straight quarter with 37.6 percent, followed by financial services (33.1 percent), social media (15.6 percent), e-commerce/logistics (7.7 percent) and internet/telco (5.2 percent).
  • A large majority of phishing (80 percent) took place on weekdays, while Tuesdays and Wednesdays were the most popular days for cybercriminals to take their shot.

“Cybercriminals are more sophisticated than ever, and the ways they target corporate and consumer email users continued to evolve in Q2,” said Adrien Gendre, Chief Solution Architect at Vade Secure. “Microsoft Office 365 phishing is the gateway to massive amounts of corporate data, while gaining access to a consumer’s Facebook log-in information could compromise much of their personal, sensitive information. The fact that we saw such a significant volume in impersonations of these two brands, along with the coinciding new methods of attack, means that virtually all email users and organizations need to be on heightened alert.”

For full insight into the top 25 most impersonated brands and specifics into the latest tactics and phishing attack methods being deployed, please read the full report on the Vade Secure blog.

About Vade Secure

Vade Secure helps SMBs, enterprises, ISPs and OEMs protect their users from advanced cyberthreats, such as phishing, spear phishing, malware, and ransomware. The company’s predictive email defense solutions leverage artificial intelligence, fed by data from 600 million mailboxes, to block targeted threats and new attacks from the first wave. In addition, real-time threat detection capabilities enable SOCs to instantly identify new threats and orchestrate coordinated responses. Vade Secure’s technology is available as a native, API-based offering for Office 365; as cloud-based solutions; or as lightweight, extensible APIs for enterprise SOCs.

For more information, visit www.VadeSecure.com and follow the company on Twitter @VadeSecure or on LinkedIn at https://www.linkedin.com/company/vade-secure/.

# # #

Media contacts:

Jenna Finn
SHIFT Communications for Vade Secure
Phone: (617) 779-1875
Email: vadesecure@shiftcomm.com