Updated 08/28 with new phishing information from Netskope and SlashNext reports
New threat analysis from researchers at Kaspersky has revealed a dramatic rise in the number of password-stealing attacks targeting Amazon, Facebook and, most of all, Google users. Here’s what you need to know.
Amazon, Facebook And Gmail Are A Magnet For Password Hackers
It should come as no surprise that the likes of Gmail, Facebook, and Amazon account credentials are so sought after by malicious hackers. After all, such accounts can be used to complete the cybercrime triumvirate of data theft, malware distribution and credit card fraud respectively. Google accounts, in particular, are something of a skeleton key that can unlock a treasure trove of other account credentials and personal information to commit fraud. Just think about the information that is contained in your Gmail inbox, and the chances are high that you have one given how popular the web-based free email service is. And that’s before you consider how many organizations still send password change requests and second-factor authentication links to your email account.
Kaspersky analyzed a total of 25 of the biggest and most popular global brands in order to determine which of them are targeted most by cybercriminals when it comes to phishing attacks. The researchers found, Kaspersky said, that there were around 26 million attempts to access malicious sites masquerading as any one of these brands in the first half of 2024 alone. That represents an increase of approximately 40% from the same period in 2023.
Phishing Attacks Against Google Increased By 243%
Sitting at the top of the phishing target pile, for all the reasons already mentioned, was Google. When it comes to attempting to steal credentials such as passwords, Google remains a firm favorite on the cybercriminal attack radar. Kaspersky said it had seen a 243% increase in attack attempts for the first six months of 2024, with some 4 million such attempts blocked by Kaspersky security solutions during this period.
“This year has seen a significant increase in phishing attempts targeting Google,” Olga Svistunova, a security expert at Kaspersky, said, confirming that a criminal who gains access to a Gmail account “can potentially access multiple services, making it a prime target.”
Facebook users saw 3.7 million phishing attempts according to the Kaspersky research, which has yet to be published publicly online, while Amazon was on 3 million. Microsoft, DHL, PayPal, Mastercard, Apple, Netflix and Instagram completed the top ten most targeted brands list. Although they didn’t make the top ten, Kaspersky said that other brands seeing a dramatic increase in targeting during the first six months of the year included HSBC, eBay, Airbnb, American Express, and LinkedIn.
It’s important to note, however, that Kaspersky security researchers have put this rise down to an increase in fraudulent activity and not any decline in vigilance on the part of the targeted users.
Microsoft Targeted By New Upswing In QR Code Phishing
Microsoft might have only come fourth in the Kaspersky list of attacks targeting brands, but one phishing technique has seen the Redmond giant rocket in recent months. According to a new report by Jan Michael Alcantara, a threat research engineer at Netskope, “a 2,000-fold increase in traffic to phishing pages delivered through Microsoft Sway” was tracked across July 2024 alone. Microsoft Sway is freely available to users of Microsoft 365 as a cloud-based application for creating visually rich documentation, newsletters and presentations. Alcantara notes that when opening a Sway page, a potential victim is already logged in to their Microsoft 365 account, which adds an air of legitimacy to the phishing attempts. Those attempts, as tracked by Netskope at least, target Microsoft Office credentials through the use of QR codes. The target is advised to scan a QR code with their smartphone for ease of use, but the real reason is to bypass the stricter security measures found on corporate laptops. This particular campaign used some interesting techniques to avoid arousing suspicion, such as a CAPTCHA test to protect against static URL scanners and an attacker-in-the-middle technique in which the real login URLs are substituted for the phishing ones to collect the credentials, allowing the threat actor to log in as the victim.
Unicode QR Code Phishing Evades Detection In Novel Ways
A new variant of QR code phishing has been outlined in some technical detail by J Stephen Kowski, the field chief technology officer at SlashNext, in a LinkedIn article. Whereas the more familiar type of QR code phishing attack relies upon an embedded image-based QR code to redirect users to a malicious site, Unicode QR code phishing takes an altogether different approach. “Attackers have now begun crafting QR codes using Unicode text characters instead of images,” Kowski said. This leaves defenders facing three main problems: evasion of image analysis, perfect screen rendering, and a duality of appearance between screen rendering and plain text that complicates detection even further. “This development underscores a crucial point we’ve long emphasized,” Kowski said, “phishing is no longer confined to email.”
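To make that duality concrete, here is an added example (not code from SlashNext, Kaspersky or this article): it builds a sample message in which a QR-shaped grid is drawn from Unicode half-block characters, then runs a simple heuristic a mail filter could use to flag such grids, since an image scanner sees nothing but text. The sample message, the finder-pattern matrix and all function names are assumptions made for the example.

```python
import re

# Block-element glyphs used to draw pixel grids in plain text; the half blocks
# pack two QR module rows into one text line.
BLOCK_CHARS = "\u2588\u2580\u2584\u2591\u2592\u2593\u25a0"
ROW_RE = re.compile(rf"^[ \t{BLOCK_CHARS}]+$")


def sample_modules(n=21):
    """Constructed 21x21 module matrix: three QR finder patterns plus a
    deterministic pseudo-random interior. It is not a decodable QR code."""
    m = [[int((x * 7 + y * 3) % 5 < 2) for x in range(n)] for y in range(n)]
    for ox, oy in ((0, 0), (n - 7, 0), (0, n - 7)):
        for dy in range(7):
            for dx in range(7):
                ring = dx in (0, 6) or dy in (0, 6)
                m[oy + dy][ox + dx] = int(ring or (2 <= dx <= 4 and 2 <= dy <= 4))
    return m


def render_half_blocks(modules):
    """Text form a terminal QR generator emits: two module rows per line drawn
    with space, upper half block, lower half block and full block."""
    if len(modules) % 2:
        modules = modules + [[0] * len(modules[0])]
    glyph = {(0, 0): " ", (1, 0): "\u2580", (0, 1): "\u2584", (1, 1): "\u2588"}
    return "\n".join("".join(glyph[(top[x], bot[x])] for x in range(len(top)))
                     for top, bot in zip(modules[0::2], modules[1::2]))


def find_unicode_qr_grids(text, min_rows=11, min_width=21):
    """Return (first_line, line_count, width) for each run of consecutive lines
    made only of block glyphs and whitespace that is big enough to be a QR code
    (version 1 is 21x21 modules, i.e. 11 half-block lines of 21 characters)."""
    hits, lines, i = [], text.splitlines(), 0
    while i < len(lines):
        j = i
        while j < len(lines) and ROW_RE.match(lines[j]) and set(lines[j]) & set(BLOCK_CHARS):
            j += 1
        if j - i >= min_rows:
            width = max(len(line) for line in lines[i:j])
            if width >= min_width:
                hits.append((i, j - i, width))
        i = j + 1
    return hits


# Constructed sample message in the style the article describes, not a real lure.
CONSTRUCTED_EMAIL = ("Your Microsoft 365 password expires today.\n"
                     "Scan the code below with your phone to keep access:\n\n"
                     + render_half_blocks(sample_modules()) + "\n\nIT Helpdesk\n")
```

Printing `CONSTRUCTED_EMAIL` in a monospace terminal shows the grid exactly as a recipient would, while `find_unicode_qr_grids` reports the grid's position and size so a filter can quarantine or flag the message.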
Advice to prevent falling victim to a phishing attack, including methods of reporting any attempts, is available here online from Google, Facebook, Amazon and Microsoft.