PayPal remains the top brand impersonated in phishing attacks for the second quarter in a row, with Facebook taking the #2 spot and Microsoft coming in third.
For the second straight quarter, PayPal was the most impersonated brand in phishing attacks. While PayPal phishing was down 31% compared to Q3, the volume was up 23% year over year. With a daily average of 124 unique URLs, PayPal phishing is a prevalent threat targeting both consumers and SMB employees.
Microsoft remained the primary corporate target in Q4, coming in at #3 on this quarter’s Phishers’ Favorites list. With 200 million active business users and counting, Office 365 continues to be the primary driver for Microsoft phishing.
Cybercriminals seek O365 credentials in order to access sensitive corporate information and use compromised accounts to launch targeted spear phishing attacks on other employees or partners.
In Q4, large volumes of file-sharing phishing were still seen, including fake OneDrive/SharePoint notifications leading directly to a phishing page and legitimate notifications leading to files containing phishing URLs. There’s also the emergence of note phishing impersonating services like OneNote and Evernote.
While the campaigns are similar, the key difference is that OneNote or Evernote notes are not files, but rather HTML pages. Thus, the same technology that is used by email security vendors to scan the contents of files doesn’t work with HTML pages, which means these emails have a higher likelihood of reaching users’ inboxes.
For the second quarter, financial services companies accounted for the most brands and most URLs in the Phishers’ Favorites report. A difference in Q4, however, is that there was a shift towards phishing customers of smaller banks.
One reason for this could be that while large banks have invested in building out security operations centers, incident response and takedown procedures to limit phishing campaigns impersonating their brand, smaller banks may not have the same level of controls in place.