Phishing Intelligence Feed

The adoption of NetSTAR’s inSITE phishing feed is growing rapidly due to the alarming spike in phish attempts across the globe. According to Forbes, 2021 saw 50% more cyber attacks per week on corporate networks compared to 2020, and the most common type of attack was phishing. Phishing attacks commonly pose as emails from trustworthy brands that trick users into giving away confidential information on a disguised malicious website. 

The most commonly used brands for these phishing attacks, according to Check Point’s Brand Phishing Report for Q4 2021, are:

  1. DHL (related to 23% of all phishing attacks globally)
  2. Microsoft (20%)
  3. WhatsApp (11%)
  4. Google (10%)
  5. LinkedIn (8%)
  6. Amazon (4%)
  7. FedEx (3%)
  8. Roblox (3%)
  9. Paypal (2%)
  10. Apple (2%)

An investigation of “in-the-wild” email subject lines found the most common throughout Q4 2020 included:

  • IT: Annual Asset Inventory
  • Changes to your health benefits
  • Twitter: Security alert: new or unusual Twitter login
  • Amazon: Action Required | Your Amazon Prime Membership has been declined
  • Zoom: Scheduled Meeting Error
  • Google Pay: Payment sent
  • Stimulus Cancellation Request Approved
  • Microsoft 365: Action needed: update the address for your Xbox Game Pass for Console subscription
  • RingCentral is coming!
  • Workday: Reminder: Important Security Upgrade Required

In addition to branded phishing attacks, Covid-19 related phishing attacks have also been targeting the EU, posing as government entities. With the rise in concern over the Omicron variant, more users are falling for these convincing attacks. The question then becomes: how can organizations protect themselves from compromising phishing attacks? Companies are increasingly educating end-users on how to recognize phishing attacks with awareness training and preemptive warnings, however, organizations are finding the best method is to block phishing emails from ever reaching their end-users inbox.

Our technology is focused on identifying all URLs related to phishing attacks. Through our inSITE Phishing Feed, every 5 minutes we push newly-discovered phishing URLs to our partners. Our partners’ products rely on this data to help them block emails that contain malicious phishing links, which in turn helps their customers protect corporate and personal data and assets.

NetSTAR’s inSite Threat Intelligence Feeds provides the best phishing feed and actionable threat information to OEM partners, giving them greater visibility into the cyber threat landscape. inSite monitors telemetry data from over 1.4 billion endpoints worldwide to identify threats and deliver critical information including the date the threat was first detected, targeted brand, geolocation, and other crucial metadata. Deploy inSITE via a data feed for active threats, with new threat data updates delivered every five minutes and cumulative updates delivered every 12 hours. And access inSITE‘s historical threat database via an API.