Our mission is making INBOX.CLEAN™ a reality: stop phishing attacks — the root cause of 95% of breaches — before they reach users. Get the only solution that preemptively stops Business Email Compromise, malware, ransomware and other advanced threats by discovering and eliminating them before they cause damage.
Email Security has certainly come a long way. With cloud messaging now the standard versus the legacy on premise approach (Lotus Notes anyone?) the strategy of securing these clouds has also experienced a revolution.
Area 1’s cloud-native SaaS solution supports three key use cases: preemptive anti-phishing across all threat vectors (email, web, social, network); cloud email security / SEG replacement; and phishing security automation for SOC teams.
Area 1 is a Microsoft Certified Partner and a Google Cloud Security Technology Partner of the Year. We also integrate with a number of SIEM, SOAR, SEG and firewall technology providers to fit your unique infrastructure. Learn More
FIND A CHANNEL PARTNER
Work with trusted cybersecurity experts across the globe to secure your business. Learn about our partnerships with Legato Security, Optiv, SADA Systems, SYNNEX and others. Channel Partners Become A Channel Partner
March Madness is upon us again, which can mean only two things: lots of cinderella surprises on the basketball courts; and the release of Area 1 Security’s March Hackness Phishing Bracket that reports the brands most used by hackers as phishing lures.
While predicting college basketball winners is a tough job, predicting cyber threats doesn’t have to be. We know this because hackers remain predictable in how they breach organizations and in the methods they use to get past defenses.
Their consistent ally in this? People like you and I. And core to their methods is the notion of trust.
Who can you trust and who do you trust?
Inquiring hackers want to know — and they do know. It’s the brands we trust that hackers predictably use as phishing lures to get us to open a message, click on a link or download a file so that they can compromise our systems, networks, and data to achieve their malicious objectives. That’s why it’s phishing attacks that cause over 95 percent of cybersecurity-related data loss and financial damage.
The Top 64 Brands That Hackers Spoof
While college basketball elite 64 take to the courts for the annual March Madness competition to see who’s best, here at Area 1 Security, we’ve analyzed recent phishing attacks to identify the top 64 brands hackers are using to attack unsuspecting victims.
The results are in. We’ve seen some trends continue from past years and the addition of some new players to the field.
Admittedly skewed towards our sample set — but even so, U.S. brands continue to be a favorite for hackers, with 63 percent of phishing incidents involving spoofing of U.S. brands, up from 48 percent last year.
Financial services, previously the preferred industry for hackers to spoof, is still strong but declined from 50 percent of incidents to 44 percent. Cloud services make up a significant portion of the rest.
Within the sweet 16 brands spoofed by hackers, there are eight new brands, indicating a trend towards diversity in lures.
Most Improved Players (trusted brands to spoof) include Linkedin, Stripe, Airbnb and Craigslist, all new to the sweet sixteen.
Up and coming players trusted brands new to the Sweet 16 and the Top 64, include Squarespace and Dropbox.
Returning Most Valuable Players include Apple, Facebook, Wells Fargo, and rounding out the top four, Yahoo.
After losing the number one spot to Paypal last year, this year, Apple returns to the top spot for the second time.
Stop Phishing: Take Away the Element of Surprise…
The March Madness tournament is full of surprises. But our cybersecurity defenses don’t have to be. While our goal for the phishing bracket is to raise awareness and to illustrate the repetitive and predictable nature of phishing attacks, we hope that in the future this exercise will become obsolete.
Just a few months ago, in their 2018 Global Risks Landscape, the World Economic Forum ranked cyberattacks along with extreme weather events and global nuclear warfare as the biggest risks to our society. Being reactive to a clear and present risk is exactly what the attackers hope we do.
It’s time to go on the offensive with hackers and consider a new approach that effectively stops these attacks. Phishing attacks, due to their targeted nature, easily bypass existing security defenses. However, the repetitive, predictable methods attackers use to execute phishing campaigns and breach user trust remain consistent. Phishing campaigns have to begin somewhere, and they mostly rely on a trusted hook or a lure to get the user to participate. By understanding attacker methods and the infrastructure of their campaigns, it is possible to take a preemptive and an accountable approach to prevent phishing instead of continuing with today’s failing reactive approach.
Which is more than can be said for the actual tournament, where even the best teams can be surprised at times. And the coming weeks will likely throw up more cinderella surprises until the eventual winner is crowned (at this point, its Michigan all the way).
To learn more about how Area 1 Security comprehensively stops phishing before it causes damage and how we’re bringing accountability to the industry, with Pay-Per-Phish.
Want to keep up to date with the latest phishing trends?
With a career spanning 20 years fighting bad guys online, Shalabh leads all product and go-to-market functions at Area 1 Security, with extensive prior experience across security, enterprise, and cloud infrastructure companies such as Aspen Networks, IronPort Systems, Cisco and Bracket Computing. Shalabh and his teams have taken products from conception all the way to large scale businesses; and in the process have consistently helped make the Internet a safer place. An alumnus of Stanford University and the University of Texas at Austin, Shalabh holds five patents and can claim to know something about enterprise infrastructure and security.
Business Email Compromise (BEC), also sometimes referred to as email account compromise (EAC) or vendor email compromise (VEC), is a type of phishing attack that takes advantage of an existing relationship between a victim and organization.
https://www.area1security.com/wp-content/uploads/2022/04/BlogEmailBanner_BECAttackType_2022APR14.png13072500Elaine Dzubahttps://www.area1security.com/wp-content/uploads/2022/04/Cloudflare-A1S-Logo-1-1.pngElaine Dzuba2022-04-18 10:07:242022-04-28 08:48:24Understanding the Four Business Email Compromise Attack Types
Dear America’s sports-loving, company-securing fans: Before you find yourself glued this weekend to (what some call) THE biggest game in college basketball history, we are here to crown the 2022 March Hackness winner!
https://www.area1security.com/wp-content/uploads/2022/03/Champion-Banner_2.png10002500Elaine Dzubahttps://www.area1security.com/wp-content/uploads/2022/04/Cloudflare-A1S-Logo-1-1.pngElaine Dzuba2022-03-31 06:00:292022-04-28 08:49:23Area 1 Security Announces the Most Spoofed Brand of 2021
Area 1 Security’s Sixth Annual March Hackness: The Perfect Phishing Bracket is here! Learn who made the list of the top brands that attackers use in phishing lures.
https://www.area1security.com/wp-content/uploads/2022/03/SocialBanner_Blog_MarchHackness2021_2500x1000-Copy-2.jpg10002500Elaine Dzubahttps://www.area1security.com/wp-content/uploads/2022/04/Cloudflare-A1S-Logo-1-1.pngElaine Dzuba2022-03-26 20:45:192022-04-28 08:51:272022 March Hackness: The Return of the Phishing Bracket