WhatsApp is reportedly is among phishers’ favourite target, a new security report has revealed. The report claims that the number of WhatsApp phishing URLs has seen a staggering 13,467.6 percent quarter-on-quarter (QoQ) growth. Primarily driven by WhatsApp, social media phishing URLs increased from 13.1 percent in Q3 to 24.1 percent in Q4 2019. WhatsApp and Facebook, the company that owns WhatsApp, are placed on the fifth spot and second spot, respectively, in a list shared by Phishers’ Favorites report, whereas Instagram is on the 13th position. Topping the charts is Paypal with a 31.2 percent QoQ growth.
WhatsApp has seen the most staggering growth in phishing URLs, and has climbed 63 spots to take the fifth position on Vade Security’s Phisher’s Favourites Top 25 Q4 2019 Worldwide Edition. The company says that this list is compiled by analysing the phishing URLs detected by Vade Secure’s internal technology. The firm detected 5020 Unique Phishing URLs for WhatsApp in Q4 2019, and most of them seem to stem from a campaign that invited users to join WhatsApp group called Berbagi. This group reportedly advertises pornographic content, and it appears web hosting provider 000webhost was hacked and used to host the phishing pages.
The report says that these social media phishing tactics are less guided towards seeking financial payback, but more about harvesting credentials and then attempting to reuse the passwords to hack into other online services. Interestingly, Netflix takes the fourth position in the list for most commonly impersonated brands in phishing attacks. Apple is on the ninth position, Amazon takes the 10th spot, and Dropbox is present on the 15th position. The report also states that the phishers are most likely to send most of these URLs on Friday, and phishing activity is seen to be more concentrated over the weekend.