Cybercriminals change tactics throughout the week when waging phishing attacks, as social media services like Facebook are targeted more during the weekend, according to the Q1 2019 Phishers’ Favorites report published Thursday by Vade Secure.

Social engineering attacks–typically in the form of phishing–continue to be a popular mode of attack for cybercriminals, while an increase in social media for personal brand building, including the rise of Instagram “influencers,” resulted in an increased targeting of social media services. After three quarters of decline, Facebook-targeted phishing campaigns increased 155.5% in Q1, making it the fourth most-impersonated brand, jumping three places from the previous report.

SEE: Phishing and spearphishing: An IT pro’s guide (free PDF) (TechRepublic)

Instagram phishing increased by 1,868.8% over the last quarter, jumping 47 positions to land at 24th. Increased interest in social media among phishers is not universal, as LinkedIn dropped nine positions, landing at 19th.

From the report, the 10 most impersonated brands in North America are:

  1. Microsoft
  2. PayPal
  3. Netflix
  4. Facebook
  5. Bank of America
  6. Crédit Agricole
  7. DHL
  8. Apple
  9. Dropbox
  10. CIBC

Despite a 4.5% decrease in phishing attempts, Microsoft is still #1, while PayPal and Netflix swapped positions over the last quarter. Bank of America dropped one position, while impersonation of French financial institution Crédit Agricole increased 160%, jumping 15 positions to #6. Phishing campaigns of Apple and Canadian “Big 5” bank CIBC increased 55% and 44% respectively.

Of note, according to the report, “many Netflix phishing emails contain as many as six or seven legitimate Netflix links (in addition to one malicious link). This technique is aimed at fooling both reputation-based email filters and users, who check one or two links and then assume that the email is legitimate.”

Changes over the week are also apparent, as Netflix and Facebook phishing increases over the weekend, while phishing of Bank of America increased on Friday and Saturday, perhaps due to payday for some workers. Microsoft, Dropbox, PayPal, and Credit Agricole phishing is most concentrated on Monday and Tuesday.

“Given the focus on Office 365 – versus Microsoft’s consumer products and services – hackers are clearly trying to take advantage of professionals being in the office and active on email during the week to increase their odds of success,” the report noted.

For more on phishing and security, read TechRepublic’s coverage of how to prevent spear phishing attacks: 8 tips for your business, and why 57% of IT workers who get phished don’t change their password behaviors.