Move over Microsoft: PayPal's the new phishers' phave

Statistics compiled by email security vendor Vade Secure suggest that PayPal has overtaken Microsoft as the brand most abused by phishers currently.

Vade Secure said its fifth quarterly summary of phishing statistics that PayPal's initial backing of Facebook's Libra cryptocurrency and expansion plans for its Xoom money transfer platform may have attracted criminals to impersonate the popular online payments service.

In October this year, a large "cyber-hameçonnage" PayPal phishing campaign targeted over 700,000 people in Europe with emails threatening legal action unless victims pay a small sum of money through the online payments service.

Microsoft held the top spot since Vade Secure started publishing quarterly stats, but has become less abused by criminals while PayPal phishes rose sharply in the last three quarters of 2019.

Vade Secure speculated that the almost one-third drop in unique Microsoft phishing links it saw could be due to criminals moving from corporate to consumer victims over the summer months.

The third most popular "phishing brand" is Netflix, followed by Facebook, Bank of America, Apple, Chase, CIBC, Amazon and DHL, Vade Secure said.

Cloud services used to be the most impersonated by phishers, but have been overtaken by the financial sector; government phishes are also growing rapidly along with e-commerce and logistics sectors.

Phishers are improving their methods of deception to get through detection and defence mechanisms. 

Randomisation through modified brand logos so as to fool template and feature matching algorithms that look for exact image matches is increasingly used by phishers.

With better constructed emails, phishers can reuse the same webpage for many messages, obviating the need to create unique URLs for each, which in turn makes attacks more scalable for them.

Criminals also use Office 365 OneDrive files and SharePoint documents, and generate legitimate notifications from Microsoft's online productivity suite with links to phishing pages Vade Secure said.

Phishing and related attacks such as vishing, smishing and pharming continues to be a growing problem, which the United States Federal Bureau of Investigation estimated cost victims US$1.2 billion last year.