Our Cloud Security Report provides an analysis of some of the interesting security trends we’ve noticed recently. This month we dig into Office 365 phishing, how many people disable their lockscreens, some apps that are leaking your location data, two BIG brands that are being leveraged for phishing, and some analysis from our Data Science team.

Office 365 Phishing Threats

Recently, we’ve seen a large increase in hits to Office 365 phishing domains, after a long period of stable activity. Productivity tools such as Office 365 have seen increased usage globally as remote working causes users to find new ways to collaborate on documents and projects. This presents increased opportunities for phishing campaigns seeking to steal credentials. Although this peak has passed, with many of the sites being shut down, we can already see connections to Office 365 phishing domains rising back to normal levels.

Interesting Phishing Threats

Multiple HSBC scams

Banking information is a common target for cybercriminals, and we’ve noticed a number of HSBC-related phishing sites pop up over the course of April.

  • hsbc.sec-id00111[.]com
  • hsbc.uk-payeecancel[.]com
  • security.hsbc.verifypayee[.]com
  • security.hsbc.unauthorised-payee[.]com
  • hsbc.account-8reset[.]com
  • hsbc.co.uk.security-id475142[.]com

And Netflix

With everyone cooped up at home under shelter-in-place orders, people have understandably flocked to Netflix to quench boredom. Riding the wave of increased Netflix usage, we’ve seen a number of phishing hits on Netflix-related phishing domains.

  • www1-netflix[.]com
  • www-netflix-payment[.]com
  • www-1netflix[.]com
  • 1payments-netflix[.]com

In the last month, 5.6x as many Android devices had lock screens disabled compared to iOS devices.

Top 5 apps leaking your location

1 | Sports Tracker
2 | NewsHunt
3 | ConnectMobile
4 | LBC
5 | TuneIn Radio

May’s security news you may have missed

Data Science Monthly

MI:RIAM constantly monitors data flowing into the system from multiple data sources: our own traffic vectors and newly registered certificates. By applying machine learning models to these sources, we’re able to detect, block and monitor this data, enabling Wandera to maintain the best model for pre-empting future phishing attacks.

We're here to help you

The world of work is being completely reshaped, and remote working has become critical for business continuity. If you need any assistance with your remote working challenges, please get in touch.

Get in Touch