Microsoft Remains the Most Impersonated Brand in Phishing Attacks, with Facebook Phishing Surging


For the fifth quarter in a row, Microsoft is the domain of choice for scammers using phishing attacks to lure their victims into clicking on malicious content.

Each quarter, security vendor Vade Secure publishes its Phisher’s Favorites report, listing the top domains being leveraged in some very sophisticated phishing attacks.

As with last quarter’s coverage, the top five domains remain the same (in order from last quarter): Microsoft, PayPal, Netflix, Facebook, and Bank of America. But in this quarter’s report, the use of Facebook surges materially: it moves well past Netflix to become the third-most impersonated brand this quarter, and it is encroaching upon PayPal’s number two spot.

Microsoft’s dominance is based on the lucrative nature of Office 365 credentials; with a single credential, attackers can potentially access a wealth of information and services, unlike any other. These attacks are also getting more sophisticated, according to Vade Secure, with phishers continuing to repurpose JavaScript, CSS, and other code from the legitimate Microsoft website to recreate an identical user experience that fools even the most savvy user.

With such well-known and well-used brands being used to create the illusion of legitimacy with potential victims, organizations need continual Security Awareness Training that teaches users not just to be vigilant for malicious email and web content, but also to keep a security-centric mindset when working.

Seeing these same brands used quarter after quarter tells you one key piece of information – they’re working well for the cybercriminal. You’re going to need to step up your security awareness game to even have a chance of stopping these kinds of attacks.
