Content, Content

Phishing Attackers Exploited Zoom, eBay & Streaming Services in 2020

Phishers exploited the COVID-19-caused spike in streaming services in the first few months of 2020 with attackers impersonating top brands such as eBay, YouTube, Netflix and Twitch, Webroot, an OpenText company, said in its latest threat report.

In February, 2020, 31 percent of all phishing attacks masqueraded as eBay and in March, activity kangarood on streaming services YouTube (up 3,000%), Netflix (up 525%) and Twitch (336%), according to Webroot’s 2021 BrightCloud Threat Report.. “Between February and March, our data showed a 2000 percent spike in malicious files with ‘zoom’ in their filenames,” said David DuFour, Webroot’s software engineering vice president, in introducing the report.

“Phishing attacks frequently take advantage of current events and trends, such as the Covid-19 pandemic and U.S. elections,” the report reads. A proven way for organizations to rebuff phishing attackers is with security awareness training, Webroot wrote. For example, in phishing simulations, the click rate for the first instance is 11 percent, eight percent for the second run. Over the course of several months, click rates fall to three or four percent, for a 72 percent reduction, Webroot said.

“It’s unrealistic to expect users to stop falling for social engineering attacks altogether,” Webroot said. “But by reducing the click rate, you’re making it harder for attackers to gain a foothold in your company.”

Chief among the study’s key findings:


  • Attacks increased 510% from January to February alone.
  • The top five phishing targets of the year were eBay, Apple, Microsoft, Facebook and Google.
  • By the end of 2020, 54% of phishing sites used HTTPs.
  • Use of HTTPS varies considerably based on the industry being targeted and is most heavily used when spoofing cryptocurrency exchanges (70% of the time), ISPs (65%), and gaming (62%).


  • 86.1% of malware is unique to a single PC.
  • 83% of Windows malware hides in one of four locations. One, %appdata%, saw the infection rate jump 59.2% YoY.
  • Consumer devices saw twice as many malware infections when compared to business devices.

Infection rates by geography

  • Lowest PC infection: Japan (2.3%), U.K. (2.7%), Australasia (3.2%) and North America (3.7%).
  • In Europe, home devices (17.4%) were more than three times as likely to encounter an infection as business devices (5.3%).

Infection Rates by country and industry

  • Lowest infection rates: healthcare and social assistance (down 41.4% from the YoY average).
  • Highest industry infection rates: wholesale trade, mining/oil/gas and manufacturing.

Mobile and Android

  • Of the total threats detected on Android devices in 2020, Trojans and malware accounted for 95.9%, an increase from 92.2% in 2019.
  • Outdated operating systems accounted for nearly 90% of Android infections.
  • Malware for Android-based IoT devices is increasing, underscoring the importance of securing all Android devices beyond just smartphones and tablets.

Threat intelligence for the report are based on data continuously and automatically captured by the Webroot Platform. The data comes from over 285 million real-world endpoints and sensors, specialized third-party databases, and intelligence supplied by Cisco, Citrix, F5 Networks and others.

D. Howard Kass

D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.