Report on Phishing Attack Shows Microsoft, Paypal as well as Netflix as the Top Targets
A latest report on phishing has been released that is said to be keeping a track of top-most 25 brands which are targeted by the bad actors. Amongst those, the brands that are topping the chart are Microsoft, Paypal, as well as Netflix.
An email security provider named Vade Secure keeps a track of top-most 25 spoofed brands in the North America, which are impersonated by the phishing attacks. In their report of Q3 2018, in total there were 86 brands that were tracked, which includes 95% of the total attacks identified by the company. Microsoft and PayPal are the two companies that are commonly hit by the phishing attacks.
The main aim of the phishing attacks on Microsoft is to gather Office 365 credentials. As posted by helpnetsecurity.com on October 23, 2018, the company has explained that, "with a single set of credentials, hackers can gain access to a treasure trove of confidential files, data, and contacts stored in Office 365 apps". Moreover, the hackers can use all these compromised accounts of Office 365 "to launch additional attacks, including spear phishing, malware, and, increasingly, insider attacks targeting other users within the same organization".
On the other hand, the PayPal credentials gave the phishers instant financial payback. The Netflicks account gave the phishers valuable information like payment card info. Facebook, which was earlier in the top 5, has now moved down to the sixth position. Chase has moved up 11 entries, and has now in the 7th position.
Phishing emails of Office 365 typically point out that account of the recipient's has been disabled or suspended, and then prompts the recipient's that they have to login to their accounts for resolving the issue. The phishing forms, almost, are identical to the legitimate Office 365. The attackers create sense of urgency, and hopes that the victims became less vigilant while filling up their credentials.
It is highly advisable to do a scrutiny of the website before one enters his/her credentials. One has to see for the suspicious URLs, incorrect grammar or spelling errors, or any other kind of doubt; and in case the person has any doubt, then he/she should not enter his/her account credentials. The best option then is to contact the administrator or the company itself.
» SPAMfighter News - 10/30/2018
We are happy to see you are reading our IT Security News.
We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!