A Year Like No Other: Phishers’ Favorite Brands of 2020

COVID-19 helped drive a continuous onslaught of phishing attacks in 2020. From the World Health Organization (WHO) to your HR department, no one was safe from being spoofed. But COVID-19 wasn’t the only thing on phishers’ minds in 2020. They kept a close eye on their favorite brands, identified new targets to impersonate, and found unique ways to lure victims. 

Top 20 most impersonated brands of 2020 

Each quarter, Vade ranks the 25 most impersonated brands in phishing attacks. The analysis is based on the number of unique phishing URLs detected by Vade. A single unique phishing URL could be used in hundreds or even thousands of phishing emails. Our yearly report tallies the top 20 most impersonated brands in phishing attacks. 


For the third year in a row, Microsoft was the most impersonated brand, with 30,621 unique phishing URLs. In second place, and moving up two spots from 2019, is Facebook, with 14,876 URLs. Following closely behind is PayPal, which dropped one spot from 2019. Chase and eBay rounded out the top five.  

Most impersonated industries 

Cloud services companies were the most impersonated in 2020, followed by financial services, which held the top spot in 2019. While banks feature prominently in the top 20, with six brands on the list, the industry as a whole saw fewer unique phishing URLs than in 2019. 


COVID-19 colored everything in 2020, so it’s not surprising that cloud came out on top. As the working world switched to remote, the need for cloud-based solutions skyrocketed. Microsoft Teams users increased from 44 million in March 2020 to 75 million in April 2020. Meanwhile, Facebook, Google, and Netflix saw big financial gains during COVID-19, and each is in the top 20. 

eCommerce was the third most impersonated industry of the year, with eBay leading the list. eBay phishing has been on the rise since Q4 2019. As with most brands in the top 20, eBay phishing spiked in Q2 and Q3 2020, the height of COVID-19. 


Rakuten, a Japanese e-commerce company, made its first appearance on the Phishers’ Favorites list, coming in at #6. Rakuten’s rise is thanks to a large spike in phishing activity in Q3 2020, when Vade detected a 485 percent increase in Rakuten phishing URLs. 

Phishing trends in 2020 

COVID-19 phishing emails led the wave in 2020. From the first days of the pandemic, hackers came out in force, with an array of attacks exploiting the emotions of a world on edge. Many attacks impersonated well-known health organizations and government agencies. Others, however, were more targeted, including emails impersonating HR departments, with claims of employee incentives and benefits. 

Phishing emails weaponized with malware also featured prominently in 2020. Emotet, which had gone silent in early 2020, returned briefly in the spring and came roaring back in the fall. A wave of Emotet malware emails hit Microsoft users in September, with a single-day high of 1,799 phishing URLs and 13,617 for the quarter, a 44 percent increase from Q2.  


To see the full list of the most impersonated brands in phishing attacks and more insights on the top trends of the year, download Phishers’ Favorites 2020 Year in Review.