Phishers just love Microsoft. Why? Because we keep falling for their fake emails.
Each quarter, Vade Secure publishes its Phisher’s Favorites report, documenting the top domains that con artists borrow for some very sophisticated phishing attacks, and once again Microsoft takes the lead.
Similar to last quarter’s results, the top five domains remain the same: Microsoft, PayPal, Netflix, Facebook, and Bank of America. But in recent months, Facebook phishing emails have burst past Netflix to make it the third-most impersonated brand this quarter, moving closer to PayPal’s number two spot.
Microsoft’s popularity is based on the profitable nature of Office 365 credentials: with a single credential, attackers can potentially access a wealth of information and services that is second to none. These attacks are also getting more strategic, according to Vade Secure, with phishers continuing to repurpose JavaScript, CSS, and other code from the legitimate Microsoft website to recreate an identical user experience that fools even the most discerning eye.
According to KnowBe4, because such well-known and widely used brands are being used to create an illusion of legitimacy for potential victims, organizations need to use continual Security Awareness Training to teach users not just to be vigilant for malicious email and web content, but also to keep a security-centric mindset when working.
The fact that the same old tricks, used over and over, still produce results means security awareness training is more critical than ever. Contact DarkHound SecOps to schedule your security awareness training today at [email protected].
Image Source: https://www.pexels.com/photo/adult-business-computer-connection-265651/