“Barely edging Microsoft out of the top spot, Facebook is the most impersonated brand of 2021, representing 14% of phishing pages analyzed by Vade,” the researchers write. “Facebook, which sat at #2 on the Phishers’ Favorites list in 2020, has seen increased interest from phishers over the last two years. While Facebook has dominated social media for more than a decade, disruptive social changes, including COVID-19 and political unrest, created a perfect storm for phishers to capitalize on the last two years. Always ready to exploit a bad situation, phishers have no doubt kept tabs on Facebook and found ample opportunities to exploit its users.”
The two brands atop the leaderboard may both be IT companies, but another sector is heavily represented in the field. Unsurprisingly, more than a third of phishing attacks impersonated companies in the financial industry.
“Representing 35% of all phishing pages, financial services was the most impersonated industry of the year,” Vade says. “Crédit Agricole, Chase, Wells Fargo, and PayPal are among the top 20 most impersonated brands, while financial services overall had six brands on the list.”
The researchers also observed an increase in tech support scams that encouraged recipients to call a phone number rather than click a link in the email.
“In March 2021, Vade began tracking a phishing campaign that impersonated several antivirus providers, including Norton, McAfee, and Microsoft,” the researchers write. “Unlike traditional phishing emails, the tech support scams did not include links but phone numbers. Users were urged to call a phone number in the footer of the email to either renew their subscriptions or be charged a renewal fee. Once on the phone, users are lured by hackers who convince the users that their computers are infected with malware. Vade detected 1 million tech support scam emails between March and April 2021.”
New-school security awareness training can enable your employees to recognize phishing attacks.