Though IT professionals frequently prioritize patching software vulnerabilities, end users are often the weakest link in the security chain. Social engineering attacks—typically in the form of phishing—continue to be a popular mode of attack for cybercriminals, especially for those targeting individual users rather than large corporations. Email security firm Vade Secure published on Wednesday their list of the most-impersonated brands in the Q4 2018 Phishers’ Favorites report.
From the report, the 10 most impersonated brands in North America are:
- Bank of America
Given the ubiquity of Windows and Office, as well as other services including the Outlook.com webmail service and Xbox Live, Microsoft’s position at the top of the list should come as no surprise. Likewise, the report points to how lucrative such attacks are, as a single login provides complete access to a treasure trove of data stored in Office 365.
Office 365 phishing is also increasingly part of multi-phase attacks, in which “hackers harvest Office 365 credentials and then use those legitimate accounts to send spear phishing emails targeting those users’ colleagues or business partners,” according to the report. Because these attacks utilize legitimate accounts, they are an order of magnitude more difficult for security products to detect.
Read the full article here.