sb-as logo
Story image

Microsoft, Facebook and PayPal most impersonated brands during phishing attacks

Microsoft, Facebook and PayPal are amongst the most impersonated brands during phishing attacks in 2020, according to a new report from Vade Secure.

Its annual Phishers' Favorites report for 2020 reveals that Microsoft has maintained its position as the brand most often found in phishing emails, followed by Facebook and PayPal.

During the year of lockdown and remote working, cloud services overtook financial services to become the most impersonated industry, whilst cynical hackers exploited the Covid-19 pandemic and issued large numbers of fake emails promising false cures or non-existent personal protective equipment.

Vade Secure protects more than one billion mailboxes around the world, allowing it to gain an unprecedented insight into the threats facing businesses. Its filter engine detects and analyses tens of thousands of unique phishing URLs every quarter. These phishing URLs refer to the number of URLs and not the volume of phishing emails received, because hackers will often send hundreds or thousands of phishing emails containing the same URL.

“Organisations need to be aware that phishers and other threat actors are always looking out for new ways to target them," says Adrien Gendre, chief product and services officer at Vade Secure.

“Phishing is just one tactic used by hackers and the ever-changing popularity of well-known brands shows how cybercriminals’ tactics are constantly evolving.

“The Phishers’ Favorites report highlights the importance of a proactive and comprehensive email security posture. Businesses should protect themselves and their clients from dynamic phishing attacks with a combination of training, technology, and vigilance.”

Key findings:

Microsoft is still the phishers’ favorite

Microsoft 365’s user base grew to 258 million in 2020, experiencing higher than expected growth driven by the Covid-19 pandemic. Microsoft has consistently remained at the top of Vade Secure’s Phishers’ Favorites quarterly reports, holding the #1 spot for four quarters.

The rise of Facebook and WhatsApp

Interest in Facebook has been on the rise since 2018 when Vade Secure first started tracking unique Facebook URLs. Q2 saw the biggest surge for Facebook phishing in 2020, with 4,373 unique URLs detected, for a total of 14,876 for the year.

WhatsApp made its first appearance on the Phishers’ Favorites list in Q1 2019, with a small number of phishing URLs. This changed drastically in Q4 2019, when Vade Secure detected 5,029 unique WhatsApp phishing URLs for the quarter. A spike in the number of WhatsApp spoof emails coincided with the pandemic, when social media brands became more popular among phishers.

Cloud services becomes most impersonated industry

In an abrupt change in Q2, and as businesses shifted to remote working, cloud services overtook financial services as the most impersonated industry. Microsoft, Netflix, Adobe, Apple, and Dropbox represented the most impersonated cloud services companies in the top 20. Both Google and Adobe saw growth in phishing URLs, moving up two and three spots respectively.

E-commerce phishing boom

In another major shift from 2019, e-commerce overtook social media as the third most impersonated industry. Like cloud services, e-commerce reached new heights in 2020 as shoppers went online in far greater numbers. eBay, for instance, didn’t make the top 20 list in 2019, but jumped 28 spots to #5 in 2020. 

Email security pandemic

When Covid-19 forced businesses to shift to teleworking, cybercriminals unleashed a massive wave of pandemic-themed phishing and spam emails. Capitalising on users’ fears and anxieties, hackers sent fake emails offering facemasks and PPE as well as phishing messages that impersonated the NHS and World Health Organization.