Phishing actors are always innovating, creating new methods to lure victims and gain access to their financial information, PII, and user accounts. Understanding the latest phishing techniques and threat actor tendencies helps us position our customers to stay one step ahead of phishing threats targeting their organizations.
In the Q4 2017 Phishing Roundup, we’ll detail the trends in phishing activity as observed by RiskIQ over Q4 of 2017, drawing upon data used in the Q3 Report for comparisons and recapping trends we’ve seen over the entirety of 2017. The data in this report, which consists of internally blacklisted resources (unique phishing URLs in this case), will focus on:
Overall, RiskIQ observed 27,285 uniquely blacklisted phishing domains, down 2% from Q3, targeting a total of 259 unique brands, down 7%. However, the most significant trend to surface in Q4 was a stark increase in phishing campaigns leveraging social media platforms, a trend that accounted for 20% of the top-ten most phished brands, including the overall most-phished brand.
This new focus on social media by threat actors is significant because it represents a pivot in tactics between Q3 and Q4 toward social media platforms and away from cloud service providers, which represented 10% of targets in our previous report. Financial institutions are almost always the target of the highest volume of attacks, but social media is an interesting new addition to the top-target list.
There are several potential reasons why social media is drawing more attention from threat actors. For one, the growth in popularity of financial integrations within social media platforms that, for example, give users the ability to send and receive money, can make for an easy payday. There’s also the possibility of using sensitive information from posts, messages, and profiles as lures in social engineering attacks.
The full breakdown of the most phished brands is as follows:
Our Q4 registrar data, except for one outlier, showed the same top-five players (although in a different order), which have clearly become tried and true tools for phishers. The hosting provider data from Q3 to Q4, however, showed a significant discrepancy, making it impossible to speculate on any potential trends.
Overall detections dropped off slightly in a few key areas during 2017, a decline that isn’t unusual as phishing tends to be very cyclical—the number of observed domains and targeted brands remained relatively close each quarter, but the number of unique URLs varied widely.
Financial institution targets showed a general decline while social media targets showed a general increase, especially over the last quarter. Q4 was also the first quarter observed where the top targeted brand was a social media platform. While this is not a new phenomenon by any means, our data has never displayed its presence as prominently as in Q4 of 2017.
RiskIQ provides access to our unique phishing detection capabilities with our External Threats product line. Knowing your phishing risk is only half the battle; External Threats offers real-time monitoring and web enforcement capabilities to help you protect your organization’s assets with RiskIQ’s industry-leading security intelligence.