U.S. Markets close in 3 hrs 14 mins

Cybercriminals Get Social; Facebook and Instagram Phishing Rose Dramatically in Q1 2019

Vade Secure's Q1 Phishers' Favorites Report also investigates the increasingly sophisticated tactics being utilized by cybercriminals targeting Office 365 and corporate email users

SAN FRANCISCO, May 2, 2019 /PRNewswire/ -- Vade Secure, the global leader in predictive email defense, today published the results of its Phishers' Favorites report for Q1 2019, which reveals that social media phishing, primarily Facebook and Instagram, saw the highest quarter-over-quarter growth of any industry with a 74.7 percent increase. While Facebook has been in the top 10 since the report's inception, Instagram cracked the top 25 for the first time, taking the #24 spot on the Phishers' Favorites list.

https://www.vadesecure.com/en/ (PRNewsfoto/Vade Secure)

With the headlines about Facebook storing hundreds of millions of user passwords in plain text, and requiring some new users' email passwords in order to sign up, Vade Secure believes that hackers could have been taking advantage of the confusion and concerns of Facebook users to lure them into clicking on phishing pages. The company also detected the same phishing attack that was publicized in early March around Instagram phishing emails claiming to offer a verified Instagram badge to trick recipients into providing their credentials.

Microsoft remains the most phished brand, as hacker techniques continue to evolve

Overall, Microsoft remained the most impersonated brand in phishing attacks for the fourth straight quarter. Microsoft's sustained popularity with hackers stems from the lucrativeness of Office 365 credentials, which provide a single entry point to the entire Office 365 suite while enabling them to conduct multi-phased attacks using compromised accounts.

Moreover, analysis of phishing emails and pages reveals that attackers are getting increasingly sophisticated with attacks targeting corporate email users. A few techniques include:

  • Mirroring real brand assets. With Office 365 phishing attacks, cybercriminals will often mirror the actual Office 365 login page, pulling JavaScript and CSS directly from the legitimate website and inserting their own script to harvest credentials - making sure that the phishing page is virtually indistinguishable from the real thing.
  • Redirecting to legitimate content. Vade research found that many Microsoft phishing pages actually redirected users to legitimate Microsoft pages once they'd submitted their credentials in an attempt to convince them that nothing was amiss. In addition, the "reply-to" address in some phishing emails was a legitimate Microsoft email: support@microsoft.com.  
  • Mixing safe and malicious URLs. In the case of Netflix phishing (the #3 most impersonated brand), the emails sent to targets contained as many as six or seven legitimate Netflix links along with one malicious link. This technique is aimed at fooling both reputation-based email filters and users, who check one or two links and then assume that the entire email is legitimate.
  • Preying upon mobile email readers. Many Netflix users do not sign up for accounts using their corporate email address; yet Vade found that corporate users are often the targets of Netflix phishing. Because of the way email is viewed on mobile devices - often multiple accounts from one app - cybercriminals are likely hoping that users won't notice, assuming that the email was sent to their correct address.

"It seems like every quarter cybercriminals are upping their game and getting increasingly sophisticated, and Q1 2019 was no exception," said Adrien Gendre, Chief Solution Architect, Vade Secure. "These hackers are now intimately familiar with how both consumer and corporate email users interact with the internet and are constantly evolving their techniques to trick users into clicking malicious links and providing their credentials. Multi-phased attacks are still on the rise as well, so all email users must be sure to keep a critical eye out for phishing and spear phishing emails, and organizations must take a comprehensive approach combining technology and training to protect their employees."

As with the previous editions, the Phishers' Favorites report was compiled by tallying the number of unique phishing URLs detected by Vade Secure and made publicly available on www.IsItPhishing.AI. Leveraging data from more than 600 million protected mailboxes worldwide, Vade's machine learning algorithms identify the brand being impersonated as part of their real-time analysis of the URL and page content.

For more information and to dive deeper into the data, please read Vade Secure's blog post.

About Vade Secure
Vade Secure helps SMBs, enterprises, ISPs and OEMs protect their users from advanced cyberthreats, such as phishing, spear phishing, malware, and ransomware. The company's predictive email defense solutions leverage artificial intelligence, fed by data from 600 million mailboxes, to block targeted threats and new attacks from the first wave. In addition, real-time threat detection capabilities enable SOCs to instantly identify new threats and orchestrate coordinated responses. Vade Secure's technology is available as a native, API-based offering for Office 365; as cloud-based solutions; or as lightweight, extensible APIs for enterprise SOCs.

For more information, visit www.VadeSecure.com and follow the company on Twitter @VadeSecure or on LinkedIn at https://www.linkedin.com/company/vade-secure/.

Media Contact
SHIFT Communications for Vade Secure
Jenna Finn 
jfinn@shiftcomm.com; (617) 779-1875



View original content to download multimedia:http://www.prnewswire.com/news-releases/cybercriminals-get-social-facebook-and-instagram-phishing-rose-dramatically-in-q1-2019-300841712.html