Our mission is making INBOX.CLEAN™ a reality: stop phishing attacks — the root cause of 95% of breaches — before they reach users. Get the only solution that preemptively stops Business Email Compromise, malware, ransomware and other advanced threats by discovering and eliminating them before they cause damage.
Email Security has certainly come a long way. With cloud messaging now the standard versus the legacy on premise approach (Lotus Notes anyone?) the strategy of securing these clouds has also experienced a revolution.
Area 1’s cloud-native SaaS solution supports three key use cases: preemptive anti-phishing across all threat vectors (email, web, social, network); cloud email security / SEG replacement; and phishing security automation for SOC teams.
Area 1 is a Microsoft Certified Partner and a Google Cloud Security Technology Partner of the Year. We also integrate with a number of SIEM, SOAR, SEG and firewall technology providers to fit your unique infrastructure. Learn More
FIND A CHANNEL PARTNER
Work with trusted cybersecurity experts across the globe to secure your business. Learn about our partnerships with Legato Security, Optiv, SADA Systems, SYNNEX and others. Channel Partners Become A Channel Partner
It’s that time of the year again: busted brackets (Marquette, here’s looking at you!), wrong picks and Cinderella stories. As spring rolls around, another exciting March Madness tournament is upon us, the ultimate college basketball tournament. Fans look forward to the entertainment of watching the games, the excitement of predicting what the winning March Madness bracket will look like, and, most importantly, bragging rights on picking the winners or the upset makers.
Here at Area 1, like most other organizations, we have an active and thriving competition ongoing (it has not been a good start for many of us, myself included). Not only have we picked teams and submitted our winning bracket predictions for a company-wide competition—but we’ve also been busy collecting and analyzing phishing attacks for our fourth annual March Hackness bracket. This bracket provides critical insight into the brands that hackers most often spoof when executing phishing attacks. Attackers take advantage of trust and authenticity in their phishing campaigns; and the use of trusted brands in unique and authentic messages allows them to successfully phish organizations across the globe.
While predicting college basketball tournament winners is great entertainment, taking a chance on cyber security is a recipe for disaster. Our annual March Hackness bracket gives you unique insight into the top brands being used as phishing lures. So if you’re finding nasty imposter emails evading your defenses and landing in inboxes, we’re ready to help you close that phishing gap.
Here’s the 2019 March Hackness phishing bracket:
This year’s data shows that hackers are continuing to focus on what works—in fact, the top 64 spoofed brands account for 89 percent of spoofed phishing email!
We also find that phishing continues to be a global business, with 50 percent of attacks spoofing US companies, and brands from Europe, Canada, Asia, and South America rounding out the Top 64 spoofed brands list.
And while we see many brands returning to the Top 64 spoofed brands list, we have 29 newcomer brands, indicating that hackers are continuing to evolve and diversify their campaigns.
Cloud Services and Financial Institutions: ACC & Big 10?
With due respect to Kansas and their strong program in the Big 12, our bias is towards ACC & the Big 10 as the top two conferences in college basketball. And we see something very similar within our phishing brackets. Cloud Services and Financial Services are the veritable ACC and Big 10 of phishing, accounting for 100 percent of the trusted lures in the top 10 (60/40 split), and a significant majority across the broader bracket.
Spoofing financial companies continues to be a hacker favorite. Similar to last year, 47 percent of attacks spoofed financial brands in some way or form.
Looking at this year’s “Sweet 16,” the 16 brands most frequently spoofed by hackers, we find financial company spoofs coming on strong, with Paypal and Bank of America taking the numbers one and two spots respectively. New to both the Sweet 16 and the Top 64 this year are two international financial brands, the Canadian financial cooperative Desjardins, and the United Overseas Bank of Singapore. Even in the phishing business, global expansion is alive and well. And rounding out the list of financial institutions in this year’s Sweet 16 are Wells Fargo Bank and JP Morgan Chase.
B2B Cloud Service Providers—Perennial Favorites.
While financial institutions are hackers’ favorite brands for phishing, this year has seen a strong increase in credential harvesting attacks that spoof cloud service brands in an attempt to steal company data and information. With this increase, it’s no surprise to find that B2B cloud service leaders, including Microsoft and Dropbox, have climbed the ranks and landed on the top 10 spoofed brands list. Another B2B cloud service leader, Google, has also climbed the ranks and returned to the top 10 list of spoofed brands. Other B2B cloud service brands ascending to the most spoofed level include Adobe and DocuSign.
Who’s the Winner?
PayPal, a consistent MVP comes back to win this year’s phishing bracket. That’s not a surprise, given their strong use amongst end users and employees across the board. And if its working, why change it? Unlike perception, phishing campaigns are methodical and almost assembly line-like in nature. Anything that has proven to work consistently gets amplified and used in volumes, and that’s what we see with campaigns leveraging Paypal as the trusted lure.
If you were to extend this to the basketball world, it would indicate that the 2019 winner is from the Big 10; with Michigan as the eventual champion.
If you know me, that’s painful, since I picked Virginia in my own bracket this year. Here’s hoping for an upset. Or two.
Placing bets on the perfect March Madness bracket is a fun national pastime. But taking a chance on cybersecurity is a recipe for data breach, financial loss, and brand damage. If you’re finding imposter emails in your inboxes, contact Area 1 Security and learn how our performance-based cybersecurity service can protect your organization from phishing attacks, the root cause of 95 percent of cyber breaches.
Want to keep up to date with the latest phishing trends?
With a career spanning 20 years fighting bad guys online, Shalabh leads all product and go-to-market functions at Area 1 Security, with extensive prior experience across security, enterprise, and cloud infrastructure companies such as Aspen Networks, IronPort Systems, Cisco and Bracket Computing. Shalabh and his teams have taken products from conception all the way to large scale businesses; and in the process have consistently helped make the Internet a safer place. An alumnus of Stanford University and the University of Texas at Austin, Shalabh holds five patents and can claim to know something about enterprise infrastructure and security.
Business Email Compromise (BEC), also sometimes referred to as email account compromise (EAC) or vendor email compromise (VEC), is a type of phishing attack that takes advantage of an existing relationship between a victim and organization.
https://www.area1security.com/wp-content/uploads/2022/04/BlogEmailBanner_BECAttackType_2022APR14.png13072500Elaine Dzubahttps://www.area1security.com/wp-content/uploads/2022/04/Cloudflare-A1S-Logo-1-1.pngElaine Dzuba2022-04-18 10:07:242022-04-28 08:48:24Understanding the Four Business Email Compromise Attack Types
Dear America’s sports-loving, company-securing fans: Before you find yourself glued this weekend to (what some call) THE biggest game in college basketball history, we are here to crown the 2022 March Hackness winner!
https://www.area1security.com/wp-content/uploads/2022/03/Champion-Banner_2.png10002500Elaine Dzubahttps://www.area1security.com/wp-content/uploads/2022/04/Cloudflare-A1S-Logo-1-1.pngElaine Dzuba2022-03-31 06:00:292022-04-28 08:49:23Area 1 Security Announces the Most Spoofed Brand of 2021
Area 1 Security’s Sixth Annual March Hackness: The Perfect Phishing Bracket is here! Learn who made the list of the top brands that attackers use in phishing lures.
https://www.area1security.com/wp-content/uploads/2022/03/SocialBanner_Blog_MarchHackness2021_2500x1000-Copy-2.jpg10002500Elaine Dzubahttps://www.area1security.com/wp-content/uploads/2022/04/Cloudflare-A1S-Logo-1-1.pngElaine Dzuba2022-03-26 20:45:192022-04-28 08:51:272022 March Hackness: The Return of the Phishing Bracket