Share this article on:
A new report from Vade Secure has revealed the top 25 most impersonated brands in phishing attacks. The Q4, 2019 Phishers’ Favorite report confirmed PayPal is still the brand most commonly impersonated in phishing attacks, with 11,392 detected phishing URLs in Q4. This is the second successive quarter that PayPal has topped the list. PayPal phishing URL detections are up 23% year-over-year and new PayPal phishing URLs are now being detected at a rate of 124 a day.
There was an increase in phishing URL detections impersonating Facebook, which saw the social media giant leapfrog Microsoft (3rd) and Netflix (4th) into 2nd place. Facebook phishing URL detections are up 358.8% on Q4, 2018.
Microsoft may be in third place overall, but it is the most commonly impersonated brand in corporate phishing attacks. Microsoft now has more than 200 million active Office 365 business users and those users are targeted to gain access to their Office 365 credentials. Office 365 accounts can contain a wealth of sensitive information and can be used to conduct spear phishing attacks on partners and other employees within the organization.
One of the most notable changes in Q4 was a massive increase in phishing URLs impersonating WhatsApp, which saw the Microsoft-owned instant messaging service jump 63 places to position 5. The 5,020 detected phishing URLs in Q4 represent a 13,467.6% increase compared to Q3, 2019.
The WhatsApp phishing URL detections were the main reason why the percentage share of phishing URLs for social media brands increased from 13.1% in Q3 to 24.1% in Q4. The top ten was rounded out with Bank of America in 6th position, followed by CIBC, Desjardins, Apple and Amazon. There was also a sizeable increase in phishing URLs impersonating Instagram, which saw 187.1% growth in Q4.
Organizations in the financial services were the most impersonated in Q4 for the second successive quarter. While phishers do impersonate big banks, Vade Secure notes phishers are now favoring smaller financial institutions, which may not have such robust security controls in place to detect brand impersonation.
Vade Secure says there was a significant increase in phishing attacks impersonating note services such as OneNote and Evernote, along with increases in fake OneDrive and SharePoint notifications that lead to webpages hosting phishing kits.