Microsoft ranked first among the most-impersonated brands in phishing attacks last year, according to research from email security company Vade Secure. This marks the third consecutive year that Microsoft earned the top spot on Vade Secure's list of the most-impersonated brands in phishing attacks.
Other notable findings from Vade Secure's research included:
- The single-day high for Microsoft phishing attacks occurred on September 24, when Vade Secure detected 1,151 unique Microsoft phishing URLs.
- Facebook was second in terms of brands attackers most frequently impersonated during phishing attacks, followed by PayPal, Chase and eBay.
- Along with ranking second in terms of most-impersonated brands, Facebook was the most-impersonated social media brand, followed by WhatsApp and LinkedIn.
- Cloud overtook financial services to earn the top spot in terms of the highest percentage of phishing URLs by industry; this is due in part to the rising use of cloud services for remote work during the coronavirus (COVID-19) pandemic.
- 10 to 15 percent of Black Friday emails analyzed by Vade Secure were classified as malicious.
Cybercriminals are using sophisticated phishing attacks to bypass advanced filters and trained users, Vade Secure noted in its report. To combat these attacks, organizations can:
- Provide contextual training to educate employees about phishing attacks and the dangers associated with them
- Invest in anti-phishing technology that uses artificial intelligence and deep learning algorithms to identify potential phishing attacks
- Automate phishing remediation to reduce manual investigation and response to phishing attacks
- Leverage multiphase phishing attack protection tools to guard against spear phishing emails
Along with these techniques, the National Institute of Standards and Technology (NIST) in September unveiled the Phish Scale phishing detection method to help organizations analyze their susceptibility to phishing attacks.
Organizations can use the Phish Scale to rate message content in a phishing email, NIST noted. They can then rate cues that should tip off recipients about the legitimacy of an email and identify any tactics that cybercriminals are using to phish recipients.