14 DAY TRIAL // The most popular delivery method for malware during Q3 2018 were malicious email campaigns and the most targeted individuals through such attacks were the customers of the PayPal worldwide online payments system.
Email phishing attacks use maliciously crafted emails to collect and to exfiltrate sensitive information such as usernames, passwords, and credit card payment info from victims by persuading them to hand over the data or by the sender posing as a trustworthy entity.
"Spam and phishing emails are the favorite weapon of hackers, and in Q3 2018 this trend continued unabated," says Comodo. "The popularity of phishing arises in large part due to its cost-effectiveness: low production cost, unlimited scalability, and potential for high profits make this vehicle attractive to cybercriminals."
According to Comodo's Global Threat Report 2018 Q3 containing data collected and analyzed from a base of over 100 million worldwide endpoints, the top three phishing emails ranked by subject lines were going after PayPal clients (48%), Azure Microsoft (8%), and FedEx (10%).
As further detailed in the report, "In first place is a message “from PayPal,” threatening to lock a victim’s account immediately pending update of information. The link in the email redirects the user to a fake PayPal page to collect entered credentials."
Microsoft takes first place in the top co-opted brands during phishing attacks
Out of all individuals who used one of the Comodo-protected endpoints who took part in the study, 19,562 users received this phishing email the attackers sent banking on a sizable haul.
The second most popular phishing email template that hit Comodo's install base during Q3 2018 camouflaged as a legitimate Microsoft survey invitation about the Azure cloud product, and it featured high-quality copywriting and legitimate looking sender addresses.
When it comes to phishing campaigns using specific brands to inspired trust in the victims in Q3 2018, Microsoft took first place with 19% of all attacks, PayPal took the second place with 17%, and Google placed on the third place with 9.7%.
Comodo concluded that "Black hats are deploying multi-pronged attacks – phishing, in particular – to deploy malware that includes trojan droppers, trojan generics, password stealers, PUA, backdoors and botnets."
