Financial services accounting for nearly 40% of all phishing URLs

Vade released its Phishers’ Favorites report for H1 2021, which revealed that there has been a major jump in phishing attacks since the start of the year with a 281 percent spike in May and another 284 percent increase in June, for a total of 4.2 billion phishing emails detected by Vade for June alone.

For this 6-month window researchers identified Crédit Agricole as the most impersonated brand, with 17,555 unique phishing URLs, followed by Facebook, with 17,338, and Microsoft, with 12,777.

Crédit Agricole is one of eight financial institutions on the top 25 list

H1 marks the first time Crédit Agricole has found itself in the top spot, but its position comes as no surprise in a year dominated by economic headlines. In February 2021, Crédit Agricole announced a “return to normal” after affording significant payment holidays from business and consumer loans during the COVID pandemic.

However, in Q2 2021, Crédit Agricole phishing URLs increased 296 percent, while La Banque Postale URLs increased 831 percent, pushing them up 18 spots to #5 on the list. Other financial services brands in the top 25 include PayPal, Chase, and Wells Fargo. In total financial institutions made up for 36 percent of all URLs detected.

Microsoft is the most impersonated cloud brand

After four straight quarters at #1, Microsoft fell to #2 in Q1 2021 and #4 in Q2 2021, placing third on the list for the first half of the year. Although unique Microsoft phishing URLs have declined, the sophistication of Microsoft phishing has actually increased.

In June, Vade detected an advanced phishing attack that leveraged public logo and background images to automatically display corporate branding on fraudulent Microsoft 365 login pages.

With a simple API call, cybercriminals determined whether a phishing victim was the intended target and then displayed their employer’s corporate branding on a Microsoft phishing page. Joining Microsoft on the list of impersonated cloud brands are Netflix (#13), Adobe (#14), and Docusign (#23).

Facebook dominates social media phishing

Consistently ranked in the top five, Facebook once again dominated all other social media brands on the Phishers’ Favorites list, ranking at #2 on the list.

After a slowdown in Q4 2020, Facebook phishing increased 137 percent in Q1 2021. Despite a 13 percent decline in Facebook phishing URLs in Q2, Facebook still saw more than twice the number of phishing URLs than the second highest ranked social media brand, WhatsApp, which had 8,727 URLs for the time period.

Additional findings

• WhatsApp phishing increased 321% over H2 2021
• 36.4% of all unique phishing URLs impersonated financial services brands
• 25% of all unique phishing URLs impersonated social media brands
• Netflix phishing declined 51% over H2 2020
• Brazil is the #1 phishing country sender