Security Experts:

Connect with us

Hi, what are you looking for?



Office 365, Outlook Credentials Most Targeted by Phishing Kits

Phishing attacks have become more targeted and sophisticated and also show a focus on enterprises, cloud-based Internet security services provider Cyren says.

Phishing attacks have become more targeted and sophisticated and also show a focus on enterprises, cloud-based Internet security services provider Cyren says.

After analyzing 2,025 phishing kits during the second half of the year, Cyren’s security researchers were able to identify not only the most used phishing kits, but also key trends in the phishing industry.

In recent years, the malware industry as a whole has welcomed less skilled actors through the emergence of various malware-as-a-service business models. The proliferation of such services has driven the number of malicious attacks upwards, and the trend is expected to continue.

There has been a significant increase in mobile attacks in the past years and the phishing sector is no different, and Cyren confirms this in a report published today.

A new generation of highly professional phishing kits makes phishing easy, providing even technically unsophisticated would-be criminals with the necessary tools, services and support to launch targeted attacks, thus leading to an overall surge in the number of phishing incidents.

The researchers also noticed that the professional phishing industry is prioritizing enterprise attacks, although consumers and consumer brands still bear the brunt of most phishing activity.

According to Cyren, low-level criminals are encouraged to take on some of the biggest brands because the five most used phishing kits are high in volume, highly targeted and highly sophisticated. With adversaries looking to penetrate enterprises to maximize gains, the phishing-as-a-service market is meeting demand.

During the third and fourth quarters of 2018, Microsoft Office was the brand targeted the most by phishing kits, attracting 25.4% of assaults. At 17.2%, Yahoo was the second most targeted, followed by PayPal at 17.1%. Dropbox (9.8%) and Apple (5.0%) rounded up top five most targeted brands.

Applications most targeted by phishing kits

The phishing kit used the most during the second half of the year was a multi-brand kit that mainly targets Office 365 and Outlook credentials, but which also supports spoofed pages for AOL, Bank of America, Chase, Daum, DHL, Dropbox, Facebook, Gmail, Skype, USAA, Webmail, Wells Fargo, and Yahoo.

The second most popular phishing kit in the timeframe also targets Office 365, Cyren says. This tool, however, was specifically built for Office 365 phishing and packs built-in techniques to evade detection, including blocking IPs and security bots, as well as user agents to hide from phishing defenses.

A PayPal phishing kit has emerged as the third most used, and employs new levels of sophistication, with several evasive techniques, the researchers say.

Fourth in line comes a multi-brand phishing kit that can target almost anything from lifestyle brands to data, banking and email credentials, and more. Apple, Netflix, Dropbox, Excel, Gmail, Yahoo, Chase, PayPal and Bank of America are among the targeted brands.

“This one-stop shop for many of the most-targeted brands also includes significant sophistication to avoid detection – it analyzes and blocks specific IPs, hosts, user agents, and offline browsers in order to make it harder to detect,” Cyren notes.

Rounding up top five phishing kits for the second half of 2018 is a Dropbox-targeting kit meant to aid in enterprise phishing attacks, where context and credentials are of highest importance, the security researchers reveal. Such attacks target credentials both to access enterprise files and to attempt to compromise other enterprise accounts.

Related: Phishers Use ‘ZeroFont’ Technique to Bypass Office 365 Protections

Related: Phishers Use New Method to Bypass Office 365 Safe Links

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.


No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...