H1 2023 Phishing and Malware Report: Phishing Threats Increase 54%
July 13, 2023—
3 min read
In H1 2023, Vade detected a significant number of phishing and malware threats. Phishing volumes increased by more than 54% during this period compared to H2 2022 (742.9 million vs. 482.2 million). Meanwhile, H1 2023 malware volumes saw a slight increase (112.3 million) compared to the previous period (111.4 million).
Let’s dive into the details and trends behind these numbers.
Phishing and malware trends: January and June were the most active months for phishers
As reported in last quarter’s phishing and malware report, January accounted for the highest volume of phishing emails in Q1 with 488.5 million, which also surpassed any month in Q2. June was the second most active month for phishing, with more email threats observed during this period than in April or May combined (91 million vs. 89 million). Meanwhile, February was the least active month for phishers (26.6 million emails). Overall, phishing volumes in Q1 surpassed those in Q2 (562.5 million vs. 180.4 million).
Phishing emails H1 2023
Phishing and malware trends: malware volumes remain persistently high
April saw the highest volume of malware threats (26.2 million), followed by March (20.3 million) and June (20 million). For 2023, malware volumes in Q2 surpassed those in Q1 (60 million vs. 52.3 million).
Malware emails H1 2023
[Related Content]: Q1 2023 Phishing and Malware Report: Phishing Increases 102% QoQ
Facebook and Microsoft remain the top impersonated brands
Each quarter, Vade’s filter engine detects and analyzes millions of phishing emails and hundreds of thousands of phishing webpages. By analyzing unique branded phishing websites, Vade assembles a list of the top brands impersonated by hackers.
While trends in phishing frequently evolve, Facebook and Microsoft’s collective dominance as the most spoofed brands continues. Since 2020, both have finished every quarter in first or second place, a trend that persisted in H1 2023.
Facebook took first place in H1, accounting for 18% of all phishing URLs and topping Microsoft (15%). Facebook also ended Q1 as the most impersonated brand, while Microsoft overtook the social media giant in Q2 after experiencing a 22% QoQ increase in spoofing attempts.
In H1, Facebook and Microsoft together accounted for more unique phishing URLs than the next top five brands combined, which included Crédit Agricole, SoftBank, Orange, PayPal, and Apple.
Top 10 most impersonated brands H1 2023
Phishing URLs spoofing SoftBank, First Citizens Bank, and Crédit Agricole increase significantly in Q2
For Japan-based SoftBank, 2023 has proven to be an exceptional year in terms of spoofing attempts. The financial services brand ended Q2 as the third most impersonated brand in phishing attacks, accounting for 4591 unique URLs, trailing only Microsoft and Facebook after experiencing a nearly 1500% QoQ increase. Overall, SoftBank finished H1 as the fourth most impersonated brand.
SoftBank phishing page detected by Vade
Yet SoftBank's active 2023 reflects a global trend in the financial services industry. US-based First Citizens Bank, which accounted for 12 unique phishing URLs in Q1, saw this total increase by more than 4000% to reach 502 for Q2, the 16th highest total among all brands for the quarter.
First Citizens Bank phishing page detected by Vade
Meanwhile, France-based Crédit Agricole jumped four places to become the third most impersonated brand in H1, following QoQ increases of 170% and 61% for Q1 and Q2, respectively.
Crédit Agricole phishing page detected by Vade
Financial services continues its dominance as the most impersonated industry
The financial services industry remains the most impersonated industry. In Q1 and Q2 2023, more financial services brands were among the top 25 than in any quarter in 2022, 2021, or 2020. Q1 accounted for a record 12 brands, while Q2 and H1 each resulted in 11. Additionally, the sector accounted for more than 33% of all phishing URLs in H1, followed by social media (22%) and cloud (21%).
Phishing by industry H1 2023
Only three social media companies broke into the list of top 25 most impersonated brands, with Facebook accounting for the largest share of the sector’s phishing URLs (85%), followed by WhatsApp (9%) and Instagram (5%). Like social media, only three cloud brands made the list of top 25. Microsoft led the sector (accounting for 53% of its phishing URLs), trailed by Google (12%) and Netflix (7%).
Phishing attacks continue to target Microsoft and Google
As previously reported by Vade, Microsoft and Google are top targets for hackers due in part to the popularity of their productivity suites, Microsoft 365 and Google Workspace. Microsoft and Google were among the list of top 10 spoofed brands in H1, after ending 2022 in second and third place, respectively.
In June, Vade reported its threat analysis of “Greatness,” a sophisticated phishing-as-a-service (PhaaS) offering targeting Microsoft 365 users. The threat facilitates a man-in-the-middle (MitM) attack, acting as a proxy for Microsoft’s authentication system and stealing user credentials or cookies.
This threat follows two other PhaaS offerings detected by Vade earlier this year, each exploiting Google services, including YouTube and Google Translate. In June, Vade also detected another phishing attack impersonating Microsoft 365’s authentication system.
Microsoft phishing page detected by Vade in June 2023
As the popularity of productivity suites continues to increase, so does the supply of attacks spoofing the technology. This presents important implications for businesses, including the need to secure human collaboration with a new approach to productivity suite security.
Email is the top vector for phishing and malware threats
Email remains the most popular channel for distributing phishing and malware threats. That’s not likely to change anytime soon, as the communication method provides hackers with a direct and convenient channel to exploit the greatest weakness in your attack surface (users). And with the rise of productivity tools, email is becoming more important and vulnerable than before.
To stay protected, your organization must look to fortify your email security. That calls for augmenting Microsoft’s native security with an integrated, third-party solution like Vade for M365. The solution combines advanced capabilities for incident response, threat detection and remediation, threat intelligence and investigation, and automated phishing awareness training.