Vade, a global leader in predictive email defense with one billion protected mailboxes worldwide, today released its Phishers' Favorites report for H1 2021, which revealed that there has been a major jump in phishing attacks since the start of the year with a 281 percent spike in May and another 284 percent increase in June, for a total of 4.2 billion phishing emails detected by Vade for June alone. To put this in context, Vade scanned over 49 billion emails during the same period.
The Phishers' Favorites report series is a ranking of the top 25 most impersonated brands in phishing attacks, which can be read in full here, and analyzes unique phishing URLs detected by Vade's technology and available at www.IsItPhishing.AI. For this 6-month window Vade identified Crédit Agricole as the most impersonated brand, with 17,555 unique phishing URLs, followed by Facebook, with 17,338, and Microsoft, with 12,777.Outside of the brands that are most detected, Vade also used their machine learning algorithms to detect trends in the attacks, including 6.5 million COVID-themed emails targeting corporate email accounts. In taking a closer look 10 percent of all COVID-themed emails sent in the US and EU in Q2 were malicious.
Crédit Agricole is one of eight financial institutions on the top 25 list
H1 marks the first time Crédit Agricole has found itself in the top spot, but its position comes as no surprise in a year dominated by economic headlines. In February 2021, Crédit Agricole announced a "return to normal" after affording significant payment holidays from business and consumer loans during the COVID pandemic. However, in Q2 2021, Crédit Agricole phishing URLs increased 296 percent, while La Banque Postale URLs increased 831 percent, pushing them up 18 spots to #5 on the list. Other financial services brands in the top 25 include PayPal, Chase, and Wells Fargo. In total financial institutions made up for 36 percent of all URLs detected.
Microsoft is the most impersonated cloud brand
After four straight quarters at #1, Microsoft fell to #2 in Q1 2021 and #4 in Q2 2021, placing third on the list for the first half of the year. Although unique Microsoft phishing URLs have declined, the sophistication of Microsoft phishing has actually increased.
In June, Vade detected an advanced phishing attack that leveraged public logo and background images to automatically display corporate branding on fraudulent Microsoft 365 login pages. With a simple API call, cybercriminals determined whether a phishing victim was the intended target and then displayed their employer's corporate branding on a Microsoft phishing page. Joining Microsoft on the list of impersonated cloud brands are Netflix (#13), Adobe (#14), and Docusign (#23).
Facebook dominates social media phishing
Consistently ranked in the top five, Facebook once again dominated all other social media brands on the Phishers' Favorites list, ranking at #2 on the list. After a slowdown in Q4 2020, Facebook phishing increased 137 percent in Q1 2021. Despite a 13 percent decline in Facebook phishing URLs in Q2, Facebook still saw more than twice the number of phishing URLs than the second highest ranked social media brand,WhatsApp, which had 8,727 URLs for the time period.
Additional findings from the Phishers' Favorites H1 2021 report include:
- WhatsApp phishing increased 321% over H2 2021
- 36.4% of all unique phishing URLs impersonated financial services brands
- 25% of all unique phishing URLs impersonated social media brands
- Netflix phishing declined 51% over H2 2020
- Brazil is the #1 phishing country sender
Vade helps MSPs, ISPs, and OEMs protect their users from advanced cyberthreats, such as phishing, spear phishing, malware, and ransomware. The company's predictive email defense solutions leverage artificial intelligence, fed by data from 1 billion mailboxes, to block targeted threats and new attacks from the first wave. In addition, real-time threat detection capabilities enable SOCs to instantly identify new threats and orchestrate coordinated responses. Vade's technology is available as a native, API-based offering for Microsoft 365 or as lightweight, extensible APIs for enterprise SOCs.