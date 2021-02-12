Microsoft once again was the most-impersonated brand in phishing attacks, research from email security company Vade Secure shows.

Other notable findings from Vade Secure’s research included:

The single-day high for Microsoft phishing attacks occurred September 24, when Vade Secure detected 1,151 unique Microsoft phishing URLs.

Facebook was second in terms of brands attackers most frequently impersonated during phishing attacks, followed by PayPal, Chase and eBay.

Along with ranking second in terms of most-impersonated brands, Facebook was the most-impersonated social media brand, followed by WhatsApp and LinkedIn.

Cloud bypassed financial services to earn the top spot in terms of the highest percentage of phishing URLs by industry; this is due in part to the rising use of cloud services for remote work during the coronavirus (COVID-19) pandemic.

10 to 15 percent of Black Friday emails analyzed by Vade Secure were classified as malicious.

Cybercriminals are using sophisticated phishing attacks to bypass advanced filters and trained users, Vade Secure noted in its report. To combat these attacks, organizations can:

Provide contextual training to educate employees about phishing attacks and the dangers associated with them

Invest in anti-phishing technology that uses artificial intelligence and deep learning algorithms to identify potential phishing attacks

Automate phishing remediation to reduce manual investigation and response to phishing attacks

Leverage multiphase phishing attack protection tools to guard against spear phishing emails

Along with these techniques, the National Institute of Standards and Technology (NIST) in September unveiled the Phish Scale phishing detection method to help organizations analyze their susceptibility to phishing attacks.

Organizations can use the Phish Scale to rate message content in a phishing email, NIST noted. They can then rate cues that should tip off recipients about the legitimacy of an email and identify any tactics that cybercriminals are using to phish recipients.