New Report Reveals PayPal is a Top Target for Phishing

Phishing—the practice in which people try to obtain login credentials to various websites—has been a particularly effective practice so far. So effective, in fact, that it’s still being used, and extensively, to this day. Recently, Vade Secure dropped word our way about its quarterly Phishers’ Favorites report, and revealed that mobile payments leader PayPal is now the new primary target of phishers.

The report itself examines the 25 most imitated brands and also points out some of the tactics that phishers are using to try and get data as they pose as these various websites. Released quarterly since the second quarter of 2018, the king of the hill has been Microsoft for just over a year. In the third quarter of 2019, however, Microsoft lost its top ranking to PayPal. Coming in third on the list was, not that surprisingly, Netflix.

PayPal’s sudden gains come on the wings of some downright nightmarish statistics; the Vade AI engine noted 16,547 unique PayPal phishing URLs, which breaks down to about 180 per day. That’s up nearly 70 percent—69.6 by Vade’s reckoning—from the same time the previous year.

PayPal’s gains weren’t unique to the market, either; the top 25 most-phished brands featured 10 financial services brands, including CIBC, Bank of America, and Chase, who each appeared in the top 10. For those keeping score, that’s four out of 10 of the top 10, and 10 of the top 25.

It’s really not that surprising to see financial institutions so thoroughly targeted by phishers. It’s not surprising to see them targeted by hackers or crackers or data miners or anything else. It is, after all, where the money is. Any other store, like Microsoft or Netflix, is a holding facility for data that allows you to access money at some other point downstream. So yes, financial institutions are and should be well-represented in such lists as they are the prime targets of such efforts. They’re also the targets holding the data most valuable to those who would steal data. 

It also proves once again the sheer importance of staging your own security. While PayPal et al will have to fight to keep customers’ data protected, keeping track of your own data will help to know when something’s gone amiss to begin with.