Microsoft toppled Facebook for the top spot in the 25 most impersonated brands by phishers in the first half of 2022, with a total of 11,041 unique phishing URLs, according to Vade's latest Phishers' Favorites report.
Facebook, which was the most impersonated company in 2021, followed close behind in the second spot, with 10,448 phishing URLs, according to Vade, which offers an email filtering service for phishing, malware, spear phishing, and spam.
Other brands rounding out the top five in the list included Credit Agricole, WhatsApp, and Orange.
There was some good news in the report: The total number of phishing attacks decreased in the second quarter compared to the first.
That's because, even though the number of phishing attacks impersonating major brands like Microsoft and Facebook increased quarter over quarter, the first quarter of the year saw the most phishing attacks overall, with 81,447 unique phishing URLs detected, compared to 53,198 in the second quarter.
Microsoft, Facebook phishing rode on creative tactics
Microsoft’s widely popular 365 platform, with more than 240 million business subscribers, has become an irresistible target, fuelling a 266 per cent quarter-over-quarter jump in phishing attacks impersonating the brand this year.
According to Vade’s findings, the Microsoft brand was used in a large number of technical support scams, as were other companies like McAfee, Norton, Apple and Amazon. What was different in these scams is that hackers used phone numbers rather than phishing links to lure users and bypass email filters.
For instance, in June, hackers impersonated Microsoft Defender, alerting the intended victim about a $299.00 subscription payment supposedly posted to their bank account, which could only be cancelled via phone within 24 hours. When victims called the number listed in the alert, hackers would try to take control of users’ computers to install spyware.
Equally creative tactics were noticed in Facebook phishing, which included sending emails that indicated a user was being locked out of their social media accounts for "violation of Community Standards." Subsequently, the victim had to click on "disagree with decision" within 30 days in order to regain access, thereby initiating the phishing payload.
Financial, cloud sectors are biggest phishing targets
Financial services topped the list of most impersonated industries in phishing, with eight brands in the top 25. The top phished brands in the space include Credit Agricole, MTB, and PayPal, recording a 203 per cent, 332 per cent, and 305 per cent quarter-over-quarter increase respectively.
Cloud services, with a contribution of six names in the top 25 list, were the second most impersonated segment, including brands like Microsoft, Google, Netflix, Adobe, and Docusign.
While financial services represented 34 per cent of all unique phishing URLs detected, cloud and internet/telco companies contributed 19 per cent. Social media, e-commerce, and government sectors had a 17 per cent, 10 per cent, and one per cent share, respectively.
Another key finding in the report was that most phishing attacks were observed on weekdays, with Tuesdays being the most active.