Facebook Phishing URLs Up 176%


Phishing, which relies on a malicious email link or attachment, remains one of the top methods of cyberattack. A Q2 2019 report by Vade Secure identifies the 25 brands that are most often impersonated in phishing attacks. The top 10 of those are:

  1. Microsoft
  2. PayPal
  3. Facebook
  4. Netflix
  5. Bank of America
  6. Apple
  7. CIBC
  8. Amazon
  9. DHL
  10. Docusign

Further analysis by Vade Secure has indicated that an average of more than 222 unique Microsoft phishing URLs (i.e. not genuine) are created every day. The growth of Office 365 use has made Microsoft phishing very attractive. Office 365 is increasingly vital to companies for their email as well as document storage and management. Learning the Office 365 credentials of just one employee can give cybercriminals access to documents stored in Office 365, as well as the ability to impersonate that compromised employee in email communications to co-workers, customers or suppliers. A ransomware attack could more easily be launched with a malicious link or attachment coming from a known, legitimate email address.

Facebook’s Rise

Though sites impersonating Microsoft have been #1 for the 5th straight quarter, Facebook phishing has grown an incredible 176 percent year over year, moving it into third spot. This data was derived from analysis of more than 600 million mailboxes worldwide. A suggested reason for this increase is the prevalence of social login using Facebook accounts. Social login allows you to sign into a third-party website using your Facebook (or other social media) credentials rather than creating a new login account for that website. This is popular with cybercriminals, since obtaining your Facebook credentials can potentially allow them access to these other accounts as well.

What To Do

Regular employee testing and training on how to detect phishing emails must become standard practice to lessen the risk of a successful phishing attack on your organization. Management needs to make it clear that such training is not optional but rather a requirement for continued employment with the organization. The potential consequences of falling for a phishing attack can be severe, as regular news reports remind us.


August 29, 2019 1:47:33 PM

Bill Boisvenue
