PayPal has now overtaken Microsoft to become the favorite target of phishing campaigns, according to a third-quarter 2019 report by email security firm Vade Secure.
While phishers still target Microsoft and its Office 365, the number of campaigns against PayPal jumped almost 70% in the year through the third quarter while campaigns against Microsoft increased at a slower pace.
The interest in PayPal, which has 286 million active user accounts, is easy to understand, as compromising credentials usually pays off quickly. Most people have attached credit cards or at least have cards linked to the PayPal account, so a thief can transfer funds quickly.
“Microsoft relinquished its crown in Q3, dropping to the #2 spot on our list. The 13,849 unique Microsoft phishing URLs detected in Q3 was down -31.5% from last quarter, and represents the lowest total since Q1 2018 (11,178). With more than 150 unique URLs per day, Office 365 phishing attacks are still widely popular,” reads the Vade Secure report.
Office 365 is usually singled out because compromised credentials for this service can be used in other ways by the attackers. It’s not about using someone else’s office suite, it’s about gaining access to the office and email accounts. Once an attacker takes control of the email, the path is open towards other online services as well.
Most online services, especially those from well-known brands, are constantly targeted by phishing campaigns. The latest data from APWG shows that phishing activity rose to a new record high in 2019, and is showing no signs of slowing down.