The Most Common Phishing Themes


Executive Summary

Although we’re already a quarter of the way through the year, the cyber security company Zscaler has recently published its Threatlabz 2022 Phishing Report, detailing some of the most commonly observed phishing campaign themes, and the brands that are most frequently imitated by malicious actors. We’ve compiled these campaigns into a top ten list, to shine some light on what you should be watching out for and why these are so successful, so read on to find out what the most common themes were, as well as the percentage of attacks they’re responsible for.

10. Roblox – 1.7%

At number ten, making up 1.7% of phishing scams, we have one of the most popular online games - Roblox. This free-to-play sandbox platform allows almost limitless capacity for creation, with millions of user-created games and scenarios. It has many younger users, who can use its in-game currency, Robux, to get an edge over other players in some of the online game modes.

With a younger user base, parents who aren’t as computer literate and aren’t aware of the dangers of online games, and an in-game currency, there are multiple ways that people can be caught out by phishing campaigns purporting to be from Roblox. This is achieved through fake account lockouts or emails about ‘Free Robux,’ which can trick users into submitting account or banking information. When it comes to Roblox, it’s not surprising that it makes the top 10 list.

9. Google – 2.1%

This statistic was surprisingly low, as you frequently see phishing campaigns posing as Google, trying to access Google Cloud services like Google Docs and Google Classroom, or trying to access Play Store funds or payment information.

A malicious actor could do significant damage if they gained access to the right account. Many organisations use Google’s services as an alternative to the Microsoft 365 applications and with a reported 111.3 billion apps downloaded from the Play Store in 2021, the user base for Google’s services provides a treasure trove of data for malicious actors.

8. Binance – 2.5%

Since 2020, the cryptocurrency exchange platform Binance has grown enormously in both influence and number of users. Its main use is the buying, selling, and exchanging of cryptocurrencies, making it a frequent target for malicious actors.

With the quick rise of the platform’s popularity, users were encouraged to sign up and get access, potentially overlooking best security practices. As such, members soon found themselves with false transaction emails or texts and account activity warnings, as attackers tried to steal their victims’ information and, in most cases, money and assets. As more and more people get into cryptocurrencies and other forms of digital assets, there’s a chance that people may be seeing less traditional banking phishing attempts and more campaigns like these.

7. PayPal – 2.7%

Continuing with the financial phishing scams, PayPal sits at number seven, with 2.7% of observed phishing campaigns. This one is quite self-explanatory, as access to this platform typically comes with access to sensitive information such as personally identifiable information (PII), bank and card details, purchase history, and more. With all of this, a threat actor could find out almost everything about a person and could deal significant damage.

The types of emails that you could see with these campaigns would typically be fake notices of unauthorised account access, transactions, or competition winnings. Additionally, because a large number of individuals use PayPal, this leaves a very large attack surface for threat actors, giving them a greater chance of making a financial gain.

6. OneDrive – 3.6%

Unlike Google at number nine, which encapsulates all of Google’s services, OneDrive alone takes the place of the sixth most common phishing campaign theme. The goal for malicious actors would be to get access to users’ Microsoft account credentials, potentially stealing data and gaining access to their other Microsoft services.

Some of the OneDrive phishing campaigns you may see could be about a fake file being shared with you or your organisation, suspicious access regarding your account or the data stored on your account, or an alert about data being deleted unless you sign in to intervene. Suffice to say, many attackers would like to gain access to your personal data, and going through OneDrive is a sure-fire way of doing it.

5. Amazon – 5.8%

Coming in at number five is the world’s largest online retailer, Amazon. It’s not surprising that it’s on the list, and as it continues to grow, it could potentially move up the list. There’s a large financial incentive to access someone’s Amazon account, as many users typically save their banking information on it. With the ‘Buy it now’ option, users only need to sign in to make a purchase.

The types of emails you may see impersonating Amazon can include fake invoices, account maintenance requirements, and warnings of suspicious account activity. Since AWS, or Amazon Web Services, is a subsidiary of Amazon, these emails could also be about a large bill or an issue with your billing information, in an attempt to trick you into logging on and sharing your details.

4. Telegram – 6.5%

Moving away from email phishing campaigns, 6.5% of attacks were on Telegram. The free instant messaging service has had a large market uplift in recent months, as many users migrate away from the Facebook-owned WhatsApp. As such, a large number of malicious actors have migrated to Telegram too, resulting in an increase in phishing attacks.

The sorts of attacks that you may see on Telegram, other than fake competitions and threats, could be threat actors posing as Telegram administrators, staff, or service bots to try and steal your information. For instance, you could receive a private message from TelegramAdmin about urgent account activity, and asking for your password. It’s important to verify who you’re getting these kinds of messages from.

3. COVID-19 – 7.2%

Moving on to a more upsetting theme, COVID-19 is at number three on the list. Malicious actors have taken advantage of the pandemic in order to make money. At the height of the pandemic, many people received emails and messages advertising paid vaccines, or offers to jump the queue, playing on their fear for their lives.

This, sadly, is a perfect example of malicious actors using current events to take advantage of and exploit their victims. Activity like this isn’t likely to stop any time soon, unfortunately, and it’s up to potential victims to educate and protect themselves against future attacks.

2. Illegal Streaming – 13.6%

At number two on the list are illegal streaming sites. This isn’t a case of the attackers approaching the victim, but more a case of the victim going to them. The deception lies within the ads and pop-ups that are hosted on these kinds of sites. Explicit advertisements that use stolen material, or fake warnings of viruses and tracking, allow the malicious actors to install malware on their victims’ devices, or even to trick the victims into submitting sensitive and personal information.

The best way to protect yourself from these sorts of phishing attempts is simply by avoiding illegal streaming or hosting sites, and by using a more reputable source for media consumption instead.

1. Microsoft – 31.4%

Taking the top spot is Microsoft. With Windows having just under 74% of the global market share for desktop PC operating systems, and the multitude of public and private sectors that use Microsoft services for their operations, it’s not surprising that Microsoft is at number one.

The sorts of phishing attempts you may see in your inbox could be about fake meeting invitations, account maintenance requirements, billing maintenance requirements, account activity, and much more. The volume of services that Microsoft provides, and the connectivity and integration that it has built-in, gives attackers a large pool of information to utilise.

An attacker gaining access to a Microsoft account could lead to a significant amount of damage to a person or organisation. Furthermore, as we integrate our personal data more with the cloud via the Windows OS, this convenience puts us at risk, and there’s a greater need for education about phishing.
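The common thread through all ten themes is the same: a message claims to come from a trusted brand and uses a lure (an account lockout, unauthorised activity, an invoice, a shared file, free in-game currency) to get the recipient to act. As an added illustration, not part of the original post or of Zscaler’s report, the Python below turns that pattern into a simple triage rule a mail team could run over inbound headers: it flags messages whose display name or subject claims one of the brands above while the sender domain is not on an allow-list for that brand, and separately tags the lure phrasings the post describes. The brand-to-domain allow-list, the lure regexes and the sample messages are all constructed assumptions for the example, not published detection content.

```python
"""Brand-impersonation triage over inbound mail From:/Subject: values.

Added example: the allow-list, lure patterns and sample messages below are
constructed assumptions, not data from the Zscaler report or the blog post.
"""
import re
from email.utils import parseaddr

# Brands from the top-ten list, mapped to sender domains we treat as legitimate.
# ASSUMPTION: illustrative only; a real deployment maintains its own allow-list.
BRAND_DOMAINS = {
    "microsoft": {"microsoft.com", "microsoftonline.com"},
    "onedrive": {"microsoft.com", "microsoftonline.com"},
    "amazon": {"amazon.com", "amazon.co.uk", "amazonaws.com"},
    "aws": {"amazon.com", "amazonaws.com"},
    "paypal": {"paypal.com"},
    "binance": {"binance.com"},
    "google": {"google.com", "accounts.google.com"},
    "roblox": {"roblox.com"},
    "telegram": {"telegram.org"},
}

# Lure phrasings the post describes: lockouts, unauthorised access, invoices,
# shared files, free currency, urgency. Constructed regexes, case-insensitive.
LURE_PATTERNS = [
    ("account_lockout", re.compile(r"\b(locked|suspended|deactivat\w+|deleted)\b", re.I)),
    ("unauthorised_access",
     re.compile(r"\b(unauthori[sz]ed|suspicious|unusual)\b.*\b(access|activity|sign[- ]?in)\b", re.I)),
    ("fake_invoice", re.compile(r"\b(invoice|bill(ing)?|payment|transaction)\b", re.I)),
    ("shared_file", re.compile(r"\b(shared|sent you)\b.*\b(file|document|folder)\b", re.I)),
    ("free_currency", re.compile(r"\bfree\b.*\b(robux|gift card|credit)\b", re.I)),
    ("urgency", re.compile(r"\b(urgent|immediately|within \d+ hours|act now)\b", re.I)),
]


def _domain_allowed(sender_domain, allowed):
    """True if the sender domain is an allow-listed domain or a subdomain of one."""
    return any(sender_domain == d or sender_domain.endswith("." + d) for d in allowed)


def brands_claimed(display_name, address, subject):
    """Brands named (as whole words) anywhere in the display name, address or subject."""
    text = f"{display_name} {address} {subject}".lower()
    return [b for b in BRAND_DOMAINS if re.search(rf"\b{b}\b", text)]


def assess(from_header, subject):
    """Return (score, findings) for one message.

    An impersonation finding (brand claimed, domain not allow-listed) weighs 3;
    each lure phrasing in the subject weighs 1.
    """
    display_name, address = parseaddr(from_header)
    sender_domain = address.rsplit("@", 1)[-1].lower() if "@" in address else ""
    findings = []
    for brand in brands_claimed(display_name, address, subject):
        if not _domain_allowed(sender_domain, BRAND_DOMAINS[brand]):
            findings.append(f"impersonation:{brand}:{sender_domain or 'no-domain'}")
    for name, pattern in LURE_PATTERNS:
        if pattern.search(subject):
            findings.append(f"lure:{name}")
    score = 3 * sum(f.startswith("impersonation") for f in findings) \
        + sum(f.startswith("lure") for f in findings)
    return score, findings


# Constructed sample headers; the domains are placeholders, not real senders.
SAMPLE_MESSAGES = [
    ("Microsoft Account Team <security@micros0ft-support.example>",
     "Unusual sign-in activity: verify within 24 hours"),
    ("PayPal <service@paypal.com>", "Your receipt for order 123"),
    ("OneDrive <noreply@files-share.example>", "John shared a file with you"),
    ("Roblox <rewards@free-robux.example>", "Claim your FREE Robux now!"),
    ("Alice <alice@example.org>", "Lunch tomorrow?"),
]


def triage(messages, threshold=3):
    """Messages scoring at or above the threshold, as (score, from, subject), highest first."""
    scored = [(assess(f, s)[0], f, s) for f, s in messages]
    return sorted((m for m in scored if m[0] >= threshold), key=lambda m: -m[0])


if __name__ == "__main__":
    for score, sender, subject in triage(SAMPLE_MESSAGES):
        print(f"[{score}] {sender} | {subject} | {assess(sender, subject)[1]}")
```

The impersonation check carries most of the weight on purpose: lure words alone appear in plenty of legitimate mail (a genuine PayPal receipt still mentions a transaction), whereas a brand name paired with an unrelated sender domain is the signal the post keeps returning to. A production version would also look at authentication results (SPF/DKIM/DMARC) and link targets rather than headers alone.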

How can we help?

At Cyber Security Associates, we know one of the best ways to avoid a cyber attack is to make sure that you and your workforce have the right training and knowledge, and to develop a cyber-secure culture at your organisation. Our team of experts has years of experience in cyber security, and can run practical campaigns to train your employees. We can organise bespoke email phishing campaigns designed to test them, and use Decoy to track how they would react to any real-life campaign.

Decoy allows you to test your employees’ awareness to phishing attacks, and can be deployed for both small and large businesses. With pre-made campaign templates, designed to look like they’re from the likes of Amazon, Google, Microsoft, and more, we can help you discover whether your employees will need further training without putting your organisation at risk. After the Decoy campaign, you’ll receive a report detailing how your employees responded, including whether they clicked any links or submitted any information.

From webinars to e-learning courses, we can help ensure your company is armed against future cyber attacks. If you want to learn more about what we can do to keep your data safe from malicious actors and phishing attacks, don’t hesitate to get in touch with us today.
