Which brand names are most likely to be spoofed and used by hackers to try to phish people?
Well, Bleeping Computer just published a great story on this topic that includes data from Vade Secure's new report on the rankings of company names and logos being used by hackers.
Here is the top 25 list of companies being used in phishing attacks.
Clues that an email is not really from a company
SecureWorld has reported on how to spot various phishing and fake emails with clues to look for that indicate an email is not really from a company. This includes number 2 (PayPal) and number 14 (Apple) on the above list.
How to Tell if an Email Is Really from PayPal
How to Tell if an Email Is Really from Apple, iTunes, or the Apple App Store
The article in Bleeping Computer covers the interesting part of the new report, first, but then gets down to what those in the cybersecurity industry can glean from it:
What should be more concerning to security professionals is that phishing attacks are becoming more targeted... when we correlated the number of phishing URLs against the number of phishing emails blocked by our filter engine, we found that the number of emails sent per URL dropped more than 64% in Q3. This suggests that hackers are using each URL in fewer emails in order to avoid by reputation-based security defenses. In fact, we’ve seen sophisticated phishing attacks where each email contains a unique URL, essentially guaranteeing that they will bypass traditional email security tools.
This is why security awareness training remains such an essential part of each organization's security mix. More evidence comes from the 2018 User Risk Report, which surveyed 6,000 individuals. Our recent web conference on the report is complimentary to watch on-demand.
"What we found out about the personal habits of these individuals was sometimes heartening, occasionally perplexing, and frequently terrifying—but always enlightening," says Gretel Egan of Wombat Security.
