Posted on August 24, 2019 at 2:53 AM
Phishing is a widely known form of data stealing in which a malicious agent tries to impersonate a famous company and tricks users into providing sensitive information that will later be used against them. Some of the data that hackers often seek are credit card numbers, usernames, passwords, and other types of credentials.
If you are looking at your email messages and see one of them warning you that you got locked out of one of your accounts, manage yourself carefully. You may be dealing with a form of the phishing attack.
Microsoft: A Million Avenues to Breach User Data
One of the most commonly spoofed companies by hackers trying to trick users into giving them crucial data is tech giant Microsoft. However, these agents are currently using more famous brands to cover their shady attempts, including big corporations like Amazon and Facebook.
Vade Secure, a cybersecurity-oriented firm, has been analyzing the most commonly impersonated companies, brands, and URLs in recent weeks, and the results still show that Microsoft leads the way.
The Bill Gates-founded firm remains the brand that most hackers try to copy in their phishing attempts, with an increase of 15.5 percent in comparison to 2018 when it comes to unique malicious URLS that claim to be writing on Microsoft’s behalf.
The explanation behind the situation is that Microsoft is a highly influential online brand with an associated email account manager, in this case, Outlook Hotmail or Office 365. That makes it an obvious candidate for hackers to disguise their identity.
In the specific case of Office 365, the appeal is obvious. The accounts in the platform can become extremely valuable because they can lead to larget offenses directed to corporations and business ventures. This can be done by using the mentioned accounts to view and steal sensitive data, or by conducting further phishing attacks to other victims while using the legitimate address.
To sell their act to naive victims, the hackers usually say that the user’s account has a problem and they require to log in through a link to find a solution. That address will lead the person to a fake Microsoft Office 365 website that will capture the email addresses and passphrase entered and provide the information to the entity perpetrating the attack.
Facebook: Beware of Third-Party Services
One of the highest-growing brand names that cybercriminals use to hide their activities is social media giant Facebook. The fraudulent URLs that target Facebook accounts have increased a whopping 176 percent in the span of a year, putting the company in third place in the not-so-flattering ranking.
Facebook’s appeal is also evident, as the social media network has billions of users around the planet, so there are lots of accounts that hackers can attack. The thing is that unlike Microsoft, the usefulness of the information that the victim can provide to the attackers is not as high, other than the email address, password, and the chance of sending new phishing messages to the targeted person’s friends.
The researches consider a very important point, however. They say that while Facebook accounts per se aren’t extremely valuable, they often serve as channels that users implement to connect to numerous other services and offerings in the web, and that means more information for hackers to exploit that can be far more lucrative.
Getting a Hold on Corporate Data
Adrien Gendre, currently the chief solution architect at Vade Secure, states that phishing through Microsoft Office 365 is the avenue that many cybercriminals are using at the moment because of its potential links to incredible amounts of corporate information.
According to Gendre, the fact that so many hackers and phishers are using Microsoft and Facebook (and every related company or channel that asks for personal data to login) has fired up the alarms in every person with an email account and every organization or enterprise, as well.
The second most commonly spoofed company is a financial payments processor that requires login credentials: PayPal. However, it is fair to say in the company’s favor that the number of malicious URLs targeting the service has decreased.