Microsoft tops Vade's phishing report, which has some good news: The overall number of phishing attacks declined in the second quarter. Credit: Weerapatkiatdumrong / Getty Images Microsoft toppled Facebook for the top spot in the 25 most impersonated brands by phishers in the first half of 2022, with a total of 11,041 unique phishing URLs, according to Vade’s latest Phishers’ Favorites report.Facebook, which was the most impersonated company in 2021, followed close behind in the second spot, with 10,448 phishing URLs, according to Vade, which offers an email filtering service for phishing, malware, spear phishing, and spam.Other brands rounding out the top five in the list included Credit Agricole, Whatsapp, and Orange.There was some good news in the report: The total number of phishing attacks decreased in the second quarter compared to the first. That’s because, even though the number of phishing attacks impersonating major brands like Microsoft and Facebook increased quarter over quarter, the first quarter of the year saw the most phishing attacks overall, with 81,447 unique phishing URLs detected, compared to 53,198 in the second quarter. Microsoft, Facebook phishing rode on creative tacticsMicrosoft’s widely popular 365 platform, with more than 240 million business subscribers, has created an irresistible target, fueling a 266 percent quarter-over-quarter jump in phishing attacks impersonating the brand this year.According to Vade’s findings, the Microsft brand was used in a large number of technical support scams, as were other companies like McAfee, Norton, Apple and Amazon. What was different in these scams is that hackers used phone numbers rather than phishing links to lure users and bypass email filters. For instance, in June, hackers impersonated Microsoft Defender, alerting the intended victim about a $299.00 subscription payment supposedly posted to their bank account, which could only be canceled via phone within 24 hours. When victims called the number listed in the alert, hackers would try to take control of users’ computers to install spyware.Equally creative tactics were noticed in Facebook phishing, which included sending emails that indicated a user was being locked out of their social media accounts for “violation of Community Standards.” Subsequently, the victim had to click on “disagree with decision” within 30 days in order to regain access, thereby initiating the phishing payload.Another phishing attack asked users to confirm their identity with formal documents, saying that it was required by Facebook’s “renewed privacy policy.”Financial, cloud sectors are biggest phishing targets Financial services topped the list of most impersonated industries in phishing, with eight brands in the top 25. The top phished brands in the space include Credit Agricole, MTB, and PayPal, recording a 203%, 332%, and 305% quarter-over-quarter increase respectively. Cloud services, with a contribution of six names in the top 25 list, were the second most impersonated segment, including brands like Microsoft, Google, Netflix, Adobe, and Docusign.While Financial services represented 34% of all unique phishing URLs detected, cloud and internet/telco companies contributed 19%. Social Media, e-commerce, and government sectors had a 17%, 10%, and 1% share, respectively. Another key finding in the report was that most phishing attacks were observed during the weekdays, with Tuesdays being the most active. Related content news Google expands minimum security guidelines for third-party vendors Google's updated Minimum Viable Secure Product (MVSP) program offer advice for working with researchers and warns against vendors charging extra for basic security features. By John P. Mello Jr. Dec 08, 2023 4 mins Application Security Supply Chain Supply Chain news New CISO appointments 2023 Keep up with news of CSO, CISO, and other senior security executive appointments. By CSO Staff Dec 08, 2023 28 mins CSO and CISO Careers Security news Top cybersecurity product news of the week New product and service announcements from Coro, Descope, Genetec, Varonis, Cloudbrink, Databarracks, and Security Journey By CSO staff Dec 07, 2023 22 mins Generative AI Security news analysis Attackers breach US government agencies through ColdFusion flaw Both incidents targeted outdated and unpatched ColdFusion servers and exploited a known vulnerability. By Lucian Constantin Dec 06, 2023 5 mins Advanced Persistent Threats Cyberattacks Vulnerabilities Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe