
Top 10 brands for phishing

Last week email security vendor Vade Secure published its quarterly Phishers' Favorites report, which ranks the brands most often impersonated by phishers. Phishing attacks are malicious emails designed to trick you into clicking a link or opening an attachment that will install malicious software on your computer. The rankings are based on data obtained from users of Vade Secure's email security products. It is important for practices to understand phishing attack trends and techniques because phishing is the #1 route for malicious software delivery. Security awareness training is also required for HIPAA compliance.

The top 10 brands for the 2nd Quarter of 2019 are:

  1. Microsoft
  2. Paypal
  3. Facebook
  4. Netflix
  5. Bank of America
  6. Apple
  7. CIBC
  8. Amazon
  9. DHL
  10. Docusign

Microsoft retains its #1 ranking, with a whopping 20,217 unique phishing attacks identified in the quarter, an average of 222 per day. Microsoft is likely the #1 favorite because of the popularity of its Office 365 product: gaining access to a company's Office 365 assets is valuable for criminals.

Coming in at #2 is Paypal, the #1 online payment service worldwide. Getting into a Paypal account is a rapid way to steal your money.

Facebook, at #3, has been surging in the rankings. Vade Secure speculates that Facebook's growing popularity with phishers is because Facebook credentials increasingly can be used to sign into many 3rd-party cloud systems.

The complete report is available from Vade Secure and is a good read.

Your HIPAA Security Risk Assessment almost certainly will identify Security Awareness Training as a top control to implement. Practices can use this list as part of the ongoing security awareness training program. Employees should be taught to be especially vigilant regarding emails purporting to come from these top companies. Best practices for Security Awareness Training include:

  1. Gain support from the practice owner and/or CEO
  2. Ensure that all employees participate, including and especially the physicians!
  3. A simulated email phishing attack against all employees should be conducted, and the number of employees who fail is recorded and used as a baseline to measure success of the program.
  4. Training / Security Reminders should be frequent (monthly or quarterly) and brief.
  5. The program should be fun, entertaining, interesting and engaging.
  6. Simulated phishing attacks should be ongoing and their results measured. Remedial action should be taken to educate employees who are slow to assimilate the training.
  7. The program needs to be ongoing, not once-and-done.

While security awareness programs can be done completely in-house, some outside expertise and/or tools will usually improve the effectiveness of the program.
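The brand list above is also useful on the technical side of the program, not just in training slides. The following is an added example (not code from Vade Secure or from the report) of a simple mail-filter check a practice could run alongside its awareness training: it flags a message whose sender display name or subject invokes one of the top 10 brands while the sending domain is not one the brand is known to use. The allowlist of legitimate sender domains is an assumption for illustration only; a production list would be built from each brand's published sender domains and maintained over time. The three sample messages are constructed for the example.

```python
"""Flag emails that invoke a heavily phished brand from an unexpected domain.

Added example: a defender-side check that complements security awareness
training by surfacing brand impersonation in the From header or Subject.
"""
import re
from email import message_from_string
from email.utils import parseaddr

# ASSUMPTION (illustrative only): domains each brand legitimately sends from.
# Keyed by the Q2 2019 Phishers' Favorites top 10 listed on the page.
BRAND_DOMAINS = {
    "microsoft": {"microsoft.com", "microsoftonline.com"},
    "paypal": {"paypal.com"},
    "facebook": {"facebook.com", "facebookmail.com"},
    "netflix": {"netflix.com"},
    "bank of america": {"bankofamerica.com"},
    "apple": {"apple.com"},
    "cibc": {"cibc.com"},
    "amazon": {"amazon.com"},
    "dhl": {"dhl.com"},
    "docusign": {"docusign.com", "docusign.net"},
}


def sender_domain(from_header):
    """Return the lower-cased domain of the address in a From header ('' if none)."""
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return ""
    return addr.rsplit("@", 1)[1].strip().lower()


def domain_matches(domain, allowed):
    """True if domain is an allowed domain or a subdomain of one.

    'apple.com.accounts.example' does NOT match 'apple.com': the allowed
    domain must be the registrable suffix, not merely appear somewhere.
    """
    return any(domain == a or domain.endswith("." + a) for a in allowed)


def brands_mentioned(text):
    """Brands whose name appears as a whole word in text (case-insensitive)."""
    lowered = text.lower()
    return [b for b in BRAND_DOMAINS
            if re.search(r"\b" + re.escape(b) + r"\b", lowered)]


def check_message(raw_message):
    """Return [(brand, sender_domain)] for each brand invoked from a non-allowlisted domain."""
    msg = message_from_string(raw_message)
    from_hdr = msg.get("From", "")
    subject = msg.get("Subject", "")
    display_name, _ = parseaddr(from_hdr)
    domain = sender_domain(from_hdr)
    findings = []
    for brand in brands_mentioned(display_name + " " + subject):
        if not domain_matches(domain, BRAND_DOMAINS[brand]):
            findings.append((brand, domain))
    return findings


# Constructed sample messages (not real mail).
SAMPLE_SPOOFED = (
    "From: Microsoft Account Team <alerts@micros0ft-support.example>\n"
    "Subject: Unusual sign-in activity on your Office 365 account\n"
    "\n"
    "Please review the attached report.\n"
)
SAMPLE_LOOKALIKE = (
    "From: Apple Support <no-reply@apple.com.accounts.example>\n"
    "Subject: Your Apple ID has been locked\n"
    "\n"
    "Verify your account to restore access.\n"
)
SAMPLE_LEGIT = (
    "From: PayPal <service@mail.paypal.com>\n"
    "Subject: Receipt for your payment\n"
    "\n"
    "Thank you for your purchase.\n"
)


def scan_samples():
    """Run the check over the constructed samples; returns {label: findings}."""
    return {
        "spoofed": check_message(SAMPLE_SPOOFED),
        "lookalike": check_message(SAMPLE_LOOKALIKE),
        "legit": check_message(SAMPLE_LEGIT),
    }


if __name__ == "__main__":
    for label, findings in scan_samples().items():
        print(label, "->", findings or "no brand impersonation detected")
```

The subdomain test in `domain_matches` is the part worth copying: a naive `"apple.com" in domain` check would wave through the lookalike sample, which is exactly the pattern the page warns employees to watch for. A check like this catches only the crude impersonations; it does not replace the training program, it gives it a measurable technical backstop.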
