Phishing pages impersonating Facebook and Microsoft contributed a little more than 25% of all phishing pages analyzed in a new report by Vade, while financial organizations comprised the hardest-hit sector overall.

Facebook jumped to the top spot among the 20 most impersonated brands by phishers in 2021, representing 14% of phishing pages, according to Vade’s annual Phishers’ Favorites report. Microsoft placed second with 13%. The report analyzed full-year phishing data captured by Vade, a company that offers an email filtering service for phishing, malware, spear phishing, and spam.

“Phishing remains one of the top threats to businesses around the world,” says Adrien Gendre, Vade’s chief product officer. “Phishers should no longer be viewed as lone hackers, but rather taken seriously as individuals who are part of organized hacking groups.”

Security alerts, password resets lure victims

Amid the ongoing pandemic and its recent rebranding as Meta, Facebook has gained enormous traction, reaching over 2.9 billion active users. This has pushed the social media giant to the front line, making it a prime target for phishing attacks. Facebook phishing typically involves fake security alerts and password reset requests that redirect the user to a phishing page — a web page impersonating a legitimate website and designed to steal user credentials. In 2020, Facebook was in the second spot on the list.

Microsoft, second on the list this year, was the most impersonated cloud technology vendor. Microsoft-related phishing ran the gamut of sophisticated attacks, going well beyond the old email-only phishing techniques. The newer strategies included automated and highly targeted attacks that used little more than a Microsoft logo and a phishing link. The report highlights attacks that automatically rendered corporate logos and background images onto highly targeted Microsoft 365 phishing pages.
“Attacks like the one highlighted in the report are designed [to activate] only when select victims clicked on the phishing link,” explains Gendre. “For example, if a user who is not useful to a hacker clicks on a phishing link, the phishing page will not trigger and they will be carried on to [a] safe page.” The attacker achieves this by validating the victim’s identity with an API call to Microsoft that includes the victim’s email address. If the victim’s identity checks out, the phishing kit makes an HTTP POST request for the Microsoft logo and background image and displays them on the phishing page.

Other top cloud technology and streaming service brands impersonated were Netflix and Adobe.

Phishing hits financial sector

According to the report, financial services was the most impersonated industry of 2021, representing 35% of all phishing pages. For the report, Vade analyzed 184,977 phishing pages linked from unique phishing emails. In 2020, the sector represented 28% of all phishing pages. The most impersonated financial services brands for 2021 included Chase, PayPal, and Wells Fargo.

The report also identified Mondays and Tuesdays as the days of the week on which most phishing attacks were launched. Weekends (22%) were far less targeted than weekdays (78%). Within this split, Microsoft phishing was concentrated on weekdays, consistent with its targeting of corporate users, whereas social media phishing (e.g., Facebook) remained equally active throughout the week.

Another strong trend during the period was tech support scams turning into phishing attacks. Unlike conventional attacks, these messages contain no phishing link but instead feature phone numbers. When called, the numbers lead to operators who lure callers into granting remote access to their systems for further exploitation.
Using a phone number aids credibility, allows deeper extraction (for example, bank account numbers), and throws off filters that specifically look for phishing URLs, according to Gendre.

Key recommendations outlined in the report included user training, adopting AI-based anti-phishing technology, automated incident response, and multiphase attack protection using unsupervised and NLP (natural language processing) algorithms to detect rare events and anomalies.
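The tech support scam trend described above works because many mail filters look only for URLs, so a message whose lure is a phone number slips past. The following Python is an added example, not code from Vade or from the report: a minimal defensive triage routine that extracts both URLs and phone numbers from an email body and combines them with brand and lure vocabulary before labelling the message. The regular expressions, keyword lists, label names and the three sample emails are constructed for illustration; the brand list reflects the brands the report names as most impersonated.

```python
import re
from dataclasses import dataclass, field

# Constructed patterns for this example; not taken from any vendor filter.
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)
# North American style numbers: 1-800-555-0199, (800) 555-0199, 800.555.0199
PHONE_RE = re.compile(
    r"(?<!\d)(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}(?!\d)"
)

# Brands the report names as heavily impersonated.
BRANDS = ("facebook", "microsoft", "netflix", "adobe", "chase", "paypal", "wells fargo")

# Lure vocabulary: security-alert / password-reset phishing, and tech support
# callback scams. Constructed lists; tune them against your own mail corpus.
ALERT_TERMS = ("security alert", "unusual sign-in", "password reset",
               "verify your account", "account suspended")
SUPPORT_TERMS = ("call", "toll-free", "support", "technician", "remote access",
                 "license", "subscription", "refund")


@dataclass
class Verdict:
    urls: list = field(default_factory=list)
    phones: list = field(default_factory=list)
    brands: list = field(default_factory=list)
    alert_terms: list = field(default_factory=list)
    support_terms: list = field(default_factory=list)
    label: str = "clean"


def classify_email(text: str) -> Verdict:
    """Extract URL, phone, brand and lure indicators and assign a coarse label."""
    low = text.lower()
    v = Verdict(
        urls=URL_RE.findall(text),
        phones=[m.group(0).strip() for m in PHONE_RE.finditer(text)],
        brands=[b for b in BRANDS if b in low],
        alert_terms=[t for t in ALERT_TERMS if t in low],
        support_terms=[t for t in SUPPORT_TERMS if t in low],
    )
    # Classic link phishing: a link plus brand impersonation plus an alert lure.
    if v.urls and v.brands and v.alert_terms:
        v.label = "link-phishing"
    # Callback scam: no link at all, a phone number, and a brand or alert lure
    # backed by support/billing vocabulary. A phone number alone is not enough.
    elif v.phones and not v.urls and (v.brands or v.alert_terms) and v.support_terms:
        v.label = "callback-scam"
    return v


# Constructed sample messages (example.invalid is a reserved, non-routable name).
SAMPLES = {
    "link": ("Microsoft Security Alert: unusual sign-in detected. Verify your "
             "account at https://example.invalid/login within 24 hours."),
    "callback": ("Your Microsoft 365 subscription has been renewed for $399. To "
                 "request a refund call our toll-free support line 1-800-555-0199 "
                 "immediately."),
    "benign": ("Hi team, the quarterly review moved to Friday. Call me at "
               "(415) 555-0100 if you can't make it."),
}


def scan_samples() -> dict:
    """Label every constructed sample; returns {name: label}."""
    return {name: classify_email(body).label for name, body in SAMPLES.items()}


if __name__ == "__main__":
    for name, body in SAMPLES.items():
        v = classify_email(body)
        print(f"{name:9s} -> {v.label:14s} urls={v.urls} phones={v.phones}")
```

The point of the routine is the second rule: a message with no URL still reaches a verdict because the phone number is treated as an indicator on equal footing with a link, and it is only escalated when brand or alert vocabulary and support/billing vocabulary appear alongside it, so an ordinary "call me" email stays clean. In a production filter these extracted signals would be features fed to the kind of NLP or anomaly-detection model the report recommends, rather than hard-coded rules.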