Microsoft & Facebook Were Phishers' Favorite Brands in 2020

Cloud services was the most impersonated industry, followed by financial services, e-commerce, and social media, researchers report.

Dark Reading Staff, Dark Reading

February 9, 2021

2 Min Read
Dark Reading logo in a gray background | Dark Reading

Microsoft was the most frequently impersonated brand, and cloud services the most frequently spoofed industry, in a year when an extraordinary number of people switched to remote work.

This is the third year in a row that Microsoft topped phishers' favorite brands, report researchers at Vade Secure, which annually ranks the most impersonated brands and industries in phishing attacks. Microsoft accounted for 30,621 unique phishing URLs in 2020, followed by Facebook (14,876), which moved up two spots from 2019, then PayPal, Chase, and eBay in the top five. 

Cloud services companies were the most impersonated, with 33% of phishing URLs by industry. Financial services (29%) came in second, followed by e-commerce/logistics (16%), social media (13%), Internet/telecommunications (7%), and government (2%).

"COVID-19 colored everything in 2020, so it's not surprising that cloud came out on top," the researchers write in a blog post, noting the demand for cloud-based tools spiked last year. Microsoft Teams' user base, for example, jumped from 44 million people in March 2020 to 75 million in April. Facebook, Google, and Netflix, all in the top 20 brands, saw big financial gains. 

Pandemic-related phishing emails were a key trend in 2020. Many of the attacks spoofed health organizations and government agencies, researchers note. Some took on a more targeted angle and impersonated HR departments with fake messages about employee benefits. 

Emails laced with malware were also common: Emotet was a top threat last year, researchers report, and a wave of Emotet emails targeted Microsoft users in September. This attack led to a single-day high of 1,799 Microsoft phishing URLs and 13,617 for the third quarter, a 44% jump from the second quarter.

Read Vade Secure's full blog post for more details.

About the Author

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights