Your organization’s leadership is 12 times more likely to be the target of a security incident and nine times more likely to be the target of a data breach than they were last year. Find out how they can be protected.
Read the Datasheet
Gift Cardsharks: The Massive Threat Campaigns Circling Beneath the Surface
Learn about the attack group primarily targeting gift card retailers and the monetization techniques they use.
Get the Report
Threat Hunting Workshop Series
Join one of our security threat hunting workshops to get hands-on experience investigating and remediating threats.
Attend an Upcoming Workshop
Inside Magecart: New RiskIQ & Flashpoint Research Report
Learn about the groups and criminal underworld behind the front-page breaches.
Threat Hunting Guide: 3 Must-Haves for the Effective Modern Threat Hunter
The threat hunting landscape is constantly evolving. Learn the techniques, tactics, and tools needed to become a highly-effective threat hunter.
Phishing actors are always innovating and creating new methods to lure victims into gaining access to their financial information, PII, and user accounts. Understanding the latest phishing techniques and cyber threat actor tendencies helps us position our customers to stay one step ahead of phishing threats targeting their organizations.
In the Q4 2017 Phishing Roundup, we’ll detail the trends in phishing activity as observed by RiskIQ over Q4 of 2017, drawing upon data used in the Q3 Report for comparisons and recapping trends we’ve seen over the entirety of 2017. The data in this report, which is comprised of internally blacklisted resources—unique phishing URLs in this case—will focus on:
Overall, RiskIQ observed 27,285 uniquely blacklisted phishing—domains, down 2% from Q3, targeting a total of 259 unique brands, down 7%. However, the most significant trend to surface in Q4 was a stark increase in phishing campaigns leveraging social media platforms, a trend that accounted for 20% of the top-ten most phished brands including the overall most-phished brand.
This new focus on social media by cyber threat actors is significant because it represents a pivot in tactics between Q3 and Q4 toward social media platforms and away from cloud service providers, which represented 10% of targets in our previous report. Financial institutions are almost always the target of the highest volume of cyber attacks, but social media is an interesting new addition to the top-target list.
There are several potential reasons why social media is drawing more attention from cyber threat actors. For one, the growth in popularity of financial integrations within social media platforms that, for example, give users the ability to send and receive money, can make for an easy payday. There’s also the possibility of using sensitive information from posts, messages, and profiles that can be used as lures in social engineering attacks.
The full breakdown of the most phished brands is as follows:
Our Q4 registrar data, except for one outlier, showed the same top-five players (although in a different order), which have clearly become tried and true tools for phishers. The hosting provider data from Q3 to Q4, however, showed a significant discrepancy, making it impossible to speculate on any potential trends.
Overall detections dropped off slightly in a few key areas during 2017, a decline that isn’t unusual as phishing tends to be very cyclical—the number of observed domains and targeted brands remained relatively close each quarter, but the number of unique URLs varied widely.
Financial institution targets showed a general decline while social media targets showed a general increase, especially over the last quarter. Q4 was also the first quarter observed where the top targeted brand was a social media platform. While this is not a new phenomenon by any means, our data has never displayed its presence as prominently as Q4 of 2017.
RiskIQ provides access to our unique phishing detection capabilities with our External Threats product line. Knowing your phishing risk is only half the battle; External Threats offers real-time monitoring and web enforcement capabilities to help you protect your organization’s assets with RiskIQ’s industry-leading security intelligence.
RiskIQ is the leader in attack surface management. We help organizations discover, understand, and mitigate exposures across all digital channels.
Dream situation for adversaries. Holes open daily in the attack surface to support remote work. Time to adapt! Proud to be helping with free access in @PassiveTotal and via the @RiskIQ Illuminate platform. Purpose built for the #CISO and #cybersecurity teams. https://twitter.com/RiskIQ/status/1266444273207083009
Microsoft Remote Desktop is spiking. Why? Because all work is now remote work and all access is now remote access. RiskIQ scans hundreds of ports and maps exposed services to provide security teams with a picture worth a thousand log lines. https://bit.ly/2xJ1Dgx
RiskIQ's #COVID19 Weekly Update:
➡️Car rental company Hertz filed for bankruptcy protection
➡️For the first time, the Boston Marathon has been canceled
➡️Most of the malicious coronavirus emails are coming from US IP space
Read full update here: http://bit.ly/2Uv3CMV
RiskIQ's #COVID19 Internet Intelligence Gateway will enable the cybersecurity community to fight a surge in pandemic-related cybercrime. Sign up, submit any suspicious COVID-19-related URL, and have RiskIQ's powerful global crawling network at your command http://bit.ly/3eon6ek
Via @InfosecurityMag, @DanRaywood highlights RiskIQ's new #COVID19 Internet Intelligence Gateway. This one-stop cybersecurity resource is the latest weapon in the fight against the surge in pandemic-related cybercrime. Read more here https://bit.ly/36ALU02