Vade, a global cybersecurity company that secures human collaboration with a combination of AI and human-powered detection and response, released its H1 2023 Phishing and Malware Report. The research reveals the top 10 most impersonated brands in phishing in H1 2023 and details phishing and malware trends in the first half of the year. Facebook landed in the No. 1 spot for the most impersonated brand in H1, followed by Microsoft. Rounding out the top 5 are Crédit Agricole, SoftBank and Orange.
Facebook and Microsoft continue their dominance as the most impersonated brands
Facebook and Microsoft’s collective dominance as the most spoofed brands continued into H1 2023, with the former accounting for 18% of all phishing URLs and the latter accounting for 15%. While Facebook was the clear leader, Microsoft overtook the social media giant in Q2 after experiencing a 22% QoQ increase in spoofing attempts. Demonstrating just how popular these brands are among hackers, Facebook and Microsoft together accounted for more unique phishing URLs than the next top five brands combined (Crédit Agricole, SoftBank, Orange, PayPal and Apple).
Financial services remains the most impersonated industry
Q2 was a record quarter for Japan-based Softbank, who ended the period as the third most impersonated brand in phishing attacks, accounting for 4591 unique URLs and experiencing a 1500% QoQ increase. At the end of H1, SoftBank ended up in the No. 4 slot behind Facebook, Microsoft and Crédit Agricole. But SoftBank isn’t alone – US-based First Citizens Bank experienced a 4000% increase in unique phishing URLs between Q1 (12) and Q2 (502). Last but not least, France-based Crédit Agricole jumped four places to become the third most impersonated brand in H1, with QoQ increases of 170% in Q1 and 61% in Q2, respectively.
It comes as no surprise that the financial services industry remained the most impersonated industry in H1. The sector accounted for more than 33% of all phishing URLs, followed by the social media (22%) and cloud (21%) industries.
Phishing attacks continue to target Microsoft and Google
In addition to Microsoft, Google also made it into the list of the top 10 most impersonated brands in H1, which is unsurprising given the popularity of both of their productivity suites, Microsoft 365 and Google Workspace. In Q2 alone, Vade uncovered two attacks targeting Microsoft 365 users and two attacks exploiting Google services, including YouTube and Google Translate. Research on these attacks and more can be found on Vade’s blog.
Additional highlights from the H1 2023 Phishing and Malware report include:
- In Q1 and Q2 2023, more financial services brands were among the top 25 most impersonated brands than in any quarter in the past 3 years
- Malware volumes increased slightly from H2 2022 (111.4 million) to H1 2023 (112.3 million)
- January saw the highest volume of phishing emails, while February saw the lowest
- Facebook accounted for 85% of the social media sector’s phishing URLs
SOURCE: PRNewswire