Microsoft takes top spot as most impersonated brand in phishing

Microsoft toppled Facebook for the top spot in the 25 most impersonated brands by phishers in the first half of 2022, with a total of 11,041 unique phishing URLs, according to Vade’s latest Phishers’ Favorites report.

Facebook, which was the most impersonated company in 2021, followed close behind in the second spot, with 10,448 phishing URLs, according to Vade, which offers an email filtering service for phishing, malware, spear phishing, and spam.

Other brands rounding out the top five in the list included Credit Agricole, Whatsapp, and Orange.

There was some good news in the report: The total number of phishing attacks decreased in the second quarter compared to the first. That’s because, even though the number of phishing attacks impersonating major brands like Microsoft and Facebook increased quarter over quarter, the first quarter of the year saw the most phishing attacks overall, with 81,447 unique phishing URLs detected, compared to 53,198 in the second quarter.

Microsoft, Facebook phishing rode on creative tactics

Microsoft’s widely popular 365 platform, with more than 240 million business subscribers, has created an irresistible target, fueling a 266 percent quarter-over-quarter jump in phishing attacks impersonating the brand this year.

According to Vade’s findings, the Microsft brand was used in a large number of technical support scams, as were other companies like McAfee, Norton, Apple and Amazon. What was  different in these scams is that hackers used phone numbers rather than phishing links to lure users and bypass email filters.

For instance, in June, hackers impersonated Microsoft Defender, alerting the intended victim about a $299.00 subscription payment supposedly posted to their bank account, which could  only be canceled via phone within 24 hours. When victims called the number listed in the alert, hackers would try to take control of users’ computers to install spyware.

Equally creative tactics were noticed in Facebook phishing, which included sending emails that indicated a user was being locked out of their social media accounts for “violation of Community Standards.” Subsequently, the victim had to click on “disagree with decision” within 30 days in order to regain access, thereby initiating the phishing payload.

Another phishing attack asked users to confirm their identity with formal documents, saying that it was required by Facebook’s “renewed privacy policy.”

Financial, cloud sectors are biggest phishing targets

Financial services topped the list of most impersonated industries in phishing, with eight brands in the top 25. The top phished brands in the space include Credit Agricole, MTB, and PayPal, recording a 203%, 332%, and 305% quarter-over-quarter increase respectively.  

Cloud services, with a contribution of six names in the top 25 list, were the second most impersonated segment, including brands like Microsoft, Google, Netflix, Adobe, and Docusign.

While Financial services represented 34% of all unique phishing URLs detected, cloud and internet/telco companies contributed 19%. Social Media, e-commerce, and government sectors had a 17%, 10%, and 1% share, respectively.

Another key finding in the report was that most phishing attacks were observed during the weekdays, with Tuesdays being the most active.