Technology brands are the most targeted in phishing attacks, especially companies offering products and services to consumers. It’s not always clear why one brand is more likely to be impersonated than another, but it often comes down to how well known a company is or what its particular product does.
Vade Encrypted, a worldwide pioneer in threat response and removal with over a billion secure mailboxes, released its Phishers’ Favorites report for 2021 on Friday. The report ranks the firms most often impersonated in phishing.
Facebook, which finished in second place in 2020, jumped to first place in 2021 with a 14 percent share, followed by Microsoft with a 13 percent share. Financial institutions and online shopping sites are among the other firms that have been heavily impacted.
Between January and December 2021, the study looked at over 180,000 phishing pages.
“One of the greatest dangers to people and organizations throughout the world is phishing,” says Adrien Gendre, Vade’s chief product officer. “Phishers should no longer be considered lone hackers, but rather persons who are members of organized hacking gangs.”
Victims are duped by fake security alerts and password resets.
Although impersonations of Microsoft and Facebook accounted for more than 25% of all phishing attacks, the financial services industry was the most impacted, with six organizations in the top 20 accounting for more than 35% of all attacks. Wells Fargo, PayPal, and Chase have all been added to the list of the most impersonated corporations. The attackers did so by imitating password resets and security warnings.
Microsoft was the cloud brand that was most imitated.
Last year, Microsoft phishing attempts became more sophisticated, with attacks using automation to replicate the brand’s logos and branding in Microsoft 365. Netflix and Adobe are two more cloud companies that have been imitated.
Unlike traditional email phishing attempts, Microsoft-related phishing attacks this time included a wide range of sophisticated tactics. These highly targeted and automated attacks incorporated more than simply a phishing link and a logo.
“Attacks like the one described in the paper are intended to only activate when selected victims click on the phishing link,” Gendre says. “For example, if a person who isn’t valuable to a hacker clicks on a phishing link, the phishing website won’t load and they’ll be sent to a secure page.”
The attackers validated an individual’s identity by submitting an API request to the brand with that individual’s email address. If the ID is valid, the attackers send an HTTP POST request for the brand’s logo, which is then shown on the phishing website.
Phishing on social media is dominated by Facebook.
Facebook dominated the other social media networks on the Phishers’ Favorites list. WhatsApp and LinkedIn, which were ranked 17th and 4th, respectively, were among the others. All social media companies together accounted for 24% of all incidents. This is a significant increase from the 13% predicted in 2020.
Phishing on social media often entails sending bogus password reset requests and security warnings that route victims to a phishing site. The page is a spoof of the real thing, with the sole purpose of unlawfully obtaining user credentials.
Additional Important Findings
- Mondays and Tuesdays are the busiest phishing days.
- Weekdays account for 78 percent of phishing assaults.
- The most popular days for Facebook phishing are Monday and Thursday.
- The most popular days for Microsoft phishing are Thursday and Friday.
From Here On Out
Always be on the lookout for new phishing schemes. You will have a decreased chance of being a victim if you are aware of them early on. Ongoing security awareness training is strongly recommended for IT administrators and managers.
It’s also not a good idea to click on links that arrive in unexpected emails and instant messages. Before clicking on any questionable link, hover over it to see where it really leads. If you have already clicked on a phishing link, this guidance on what to do after clicking a phishing link may be of assistance.
Pop-ups should also be avoided. They frequently imitate the look of a legitimate website when they are really phishing attempts. Block them by default and allow only specific exceptions. Most major browsers, fortunately, let users block pop-ups.
Frequently Asked Questions
Which brand is most frequently used in phishing attacks?
A: If you are asking which brand of products is most frequently used in phishing attacks, then the answer would be that there isn't a single one. Phishers will often use a range of brands to try to fool people into thinking that they are on an official website, when these sites may actually be fake.
What are the 2 most common types of phishing attacks?
A: The most common type of phishing is called spear-phishing, which is when the email's sender makes it appear as though they're from a legitimate person or company but in fact has no connection to that organization. This type often tricks you into entering your personal information (such as passwords and login details) by fooling you with a fake website for an actual company. Another type is spoofing, where the malicious user sends out emails pretending to be someone else in order to get personal information on individuals, such as banking credentials or social security numbers.
What is the number one target for phishing attacks?
A: The number one target for phishing attacks is typically an email address or a password. Most users see their account hacked and they don't know how to protect themselves, which means the hackers are able to access personal data such as bank accounts, credit cards, social security numbers and more.