Banks received the lion’s share of phishing attacks during the first half of 2022, according to figures published by cybersecurity company Vade today.
The analysis also found that attackers were most likely to send their phishing emails on weekdays, with most arriving between Monday and Wednesday. Attacks tapered off towards the end of the week, Vade said.
While financial services scored highest on a per-sector basis, Microsoft was the most impersonated brand overall. The company’s Microsoft 365 cloud productivity services are a huge draw for cyber-criminals hoping to access accounts using phishing attacks.
Phishing attacks on Microsoft customers have become more creative, according to Vade, which identified several phone-based attacks. It highlighted a campaign impersonating Microsoft’s Defender anti-malware product, fraudulently warning that the company had debited a subscription fee. It encouraged victims to fix the problem by phone.
Facebook came a close second, followed by financial services company Crédit Agricole, WhatsApp and Orange.
Phishers targeted users’ fear of being denied access to their accounts in one Facebook-focused campaign. The attackers warned users that they were being locked out of their account for violating community standards – a message that might cause many to think that their account had already been hacked.
Another Facebook-targeted campaign fraudulently asked users for government ID to verify their identity. Combining WhatsApp and Facebook, both owned by Meta, would put the group company at the top of the phishing list.
Crédit Agricole, one of the largest banks in Europe, is a significant name in the top five because of its sector’s prevalence in phishing attacks. Financial services topped the list of the most impersonated industries in phishing during the first half of this year. Other financial services companies MTB and PayPal joined the company in the top 10. The report found that a third of the unique phishing URLs detected during the first six months of this year were related to financial services.
Cloud services was the second most targeted sector by phishing attackers, although Microsoft was by far the most targeted cloud services company. The next most popular cloud service provider target for phishing attackers was rival Google, which ranked tenth in the list of most-phished companies. Telecommunications was the third most-phished sector. This sector and cloud services combined accounted for 19% of all unique phishing URLs detected during the period.