Facebook Phishing URLs Up 176%


Phishing, delivered through a malicious email link or attachment, remains one of the top methods of cyberattack. A Q2 2019 report by Vade Secure identifies the 25 brands that are most often impersonated in phishing attacks. The top 10 of those are:

  1. Microsoft
  2. PayPal
  3. Facebook
  4. Netflix
  5. Bank of America
  6. Apple
  7. CIBC
  8. Amazon
  9. DHL
  10. Docusign

Further analysis by Vade Secure has indicated that an average of more than 222 unique Microsoft phishing URLs (i.e. not genuine) are created every day. The growth of Office 365 use has made Microsoft phishing very attractive. Office 365 is increasingly vital to companies for their email as well as document storage and management. Learning the Office 365 credentials of just one employee can allow cybercriminals access to documents stored in Office 365, as well as the ability to impersonate that compromised employee in email communications to co-workers, customers or suppliers. A ransomware attack could more easily be launched with a malicious link or attachment coming from a known, legitimate email address.

Facebook’s Rise

Though sites impersonating Microsoft have been #1 for the 5th straight quarter, Facebook phishing has grown an incredible 176 percent year over year, moving it into third spot. This data was derived from analysis of more than 600 million mailboxes worldwide. One suggested reason for this increase is the prevalence of social login using Facebook accounts. Social login allows you to sign into a third-party website using your Facebook (or other social media) credentials rather than creating a new login account for that website. This is popular with cybercriminals, since obtaining your Facebook credentials can potentially allow them access to these other accounts as well.

What To Do

Regular employee testing and training on how to detect phishing emails must become standard practice to lessen the risk of a successful phishing attack on your organization. Management needs to make it clear that such training is not optional but rather a requirement for continued employment with the organization. The potential consequences of falling for a phishing attack can be severe, as regular news reports remind us.
