Phishing Attacks Target Facebook, Microsoft, Making Them Most Impersonated Brands

Cybersecurity firm Vade has found that Facebook is the No.1 most impersonated brand when it comes to phishing attacks. Vade just released research which documented the top 10 most impersonated brands as well as phishing and malware trends in the first half of the year.

In Vade’s H1 2023 Phishing and Malware Report, Microsoft landed in the second spot. Others in the top five include Crédit Agricole, SoftBank and Orange.

Phishing Attacks: Facebook, Microsoft Dominate as Most Impersonated Brands

While Facebook is consistently in the dubious lead, Microsoft overtook the social media giant in the second quarter after experiencing a 22% quarter-over-quarter increase in spoofing attempts. Hackers have gravitated to those two brands as Facebook and Microsoft together accounted for more unique phishing URLs than the next top five brands (Crédit Agricole, SoftBank, Orange, PayPal and Apple) combined.

Financial services remained the most impersonated industry in the second quarter, and the sector accounts for more than 33% of all phishing URLs, followed by social media (22%) and cloud (21%).

It was a record quarter for Japan-based Softbank, which ended the period as the third most impersonated brand in phishing attacks, accounting for 4,591 unique URLs and experiencing a 1,500% quarterly increase. At the end of the first half of the year, SoftBank ended up in the No. 4 slot behind Facebook, Microsoft and Crédit Agricole.

However, SoftBank isn’t alone. First Citizens Bank experienced a 4,000% increase in unique phishing URLs between Q1 (12) and Q2 (502). Also, France-based Crédit Agricole jumped four places to become the third most impersonated brand in H1 2023, with quarterly increases of 170% in the first quarter and 61% in the second quarter.

Phishing Attacks Still Plague Microsoft and Google

Along with Microsoft, Google achieved top-10 status as the most impersonated brands in the first half of 2023, which is unsurprising, said the Vade report authors, given the popularity of both of their productivity suites, Microsoft 365 and Google Workspace. In Q2 alone, Vade uncovered two attacks targeting Microsoft 365 users and two attacks exploiting Google services, including YouTube and Google Translate.

There were additional highlights from the H1 2023 Phishing and Malware report. Malware volumes increased slightly from H2 2022 (111.4 million) to H1 2023 (112.3 million). January saw the highest volume of phishing emails, while February saw the lowest. Finally, Facebook accounted for 85% of the social media sector’s phishing URLs.