Microsoft & Facebook Were Phishers' Favorite Brands in 2020Microsoft & Facebook Were Phishers' Favorite Brands in 2020
Cloud services was the most impersonated industry, followed by financial services, e-commerce, and social media, researchers report.
February 9, 2021
Microsoft was the most frequently impersonated brand, and cloud services the most frequently spoofed industry, in a year when an extraordinary number of people switched to remote work.
This is the third year in a row that Microsoft topped phishers' favorite brands, report researchers at Vade Secure, which annually ranks the most impersonated brands and industries in phishing attacks. Microsoft accounted for 30,621 unique phishing URLs in 2020, followed by Facebook (14,876), which moved up two spots from 2019, then PayPal, Chase, and eBay in the top five.
Cloud services companies were the most impersonated, with 33% of phishing URLs by industry. Financial services (29%) came in second, followed by e-commerce/logistics (16%), social media (13%), Internet/telecommunications (7%), and government (2%).
"COVID-19 colored everything in 2020, so it's not surprising that cloud came out on top," the researchers write in a blog post, noting the demand for cloud-based tools spiked last year. Microsoft Teams' user base, for example, jumped from 44 million people in March 2020 to 75 million in April. Facebook, Google, and Netflix, all in the top 20 brands, saw big financial gains.
Pandemic-related phishing emails were a key trend in 2020. Many of the attacks spoofed health organizations and government agencies, researchers note. Some took on a more targeted angle and impersonated HR departments with fake messages about employee benefits.
Emails laced with malware were also common: Emotet was a top threat last year, researchers report, and a wave of Emotet emails targeted Microsoft users in September. This attack led to a single-day high of 1,799 Microsoft phishing URLs and 13,617 for the third quarter, a 44% jump from the second quarter.
Read Vade Secure's full blog post for more details.
About the Author(s)
Hacking Your Digital Identity: How Cybercriminals Can and Will Get Around Your Authentication MethodsOct 26, 2023
Modern Supply Chain Security: Integrated, Interconnected, and Context-DrivenNov 06, 2023
How to Combat the Latest Cloud Security ThreatsNov 06, 2023
Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and PhishingNov 01, 2023
SecOps & DevSecOps in the CloudNov 06, 2023
Passwords Are Passe: Next Gen Authentication Addresses Today's Threats
How to Deploy Zero Trust for Remote Workforce Security
How to Use Threat Intelligence to Mitigate Third-Party Risk
Everything You Need to Know About DNS Attacks
How Enterprises Are Managing Application Security Risks in a Heightened Threat Environment
9 Traits You Need to Succeed as a Cybersecurity Leader
The Ultimate Guide to the CISSP
Get the Gartner Report: SOC Model Guide
The Evolving Ransomware Threat: What Business Leaders Should Know About Data Leakage
Building Immunity: The 2021 Healthcare and Pharmaceutical Industry Cyber Threat Landscape Report