Phishers’ Favorites 2021 Year-in-Review: Financial Services Phishing Tops all Others
Natalie Petitto
—March 03, 2022
—2 min read

Today, Vade released our annual Phishers’ Favorites Year-in-Review. For this report, Vade analyzed 184,977 phishing pages from January 1, 2021 to December 31, 2021. The Phishers’ Favorites 2021 Year-in-Review is a deep dive into the most impersonated brands of the year, the industries that were hardest hit, and the phishing trends that defined the year.
Facebook is the most impersonated brand of 2021
Barely edging Microsoft out of the top spot, Facebook is the most impersonated brand of 2021, representing 14% of phishing pages analyzed by Vade. Facebook, which sat at #2 on the Phishers’ Favorites list in 2020, has seen increased interest from phishers over the last two years.
While Facebook has dominated social media for more than a decade, disruptive social changes, including COVID-19 and political unrest, created a perfect storm for phishers’ to capitalize on the last two years. Always ready to exploit a bad situation, phishers’ have no doubt kept tabs on Facebook and found ample opportunities to exploit its users.
Microsoft is 2nd most impersonated brand and most impersonated cloud brand
After three years in the top spot, Microsoft came in at #2 in 2021, representing 13% of phishing pages. Vade has observed an increase in the sophistication of Microsoft attacks in 2021, including a June attack that leveraged automation to populate victims’ corporate logos onto Microsoft phishing pages. You can read more about that Microsoft phishing attack in our H1 Phishers’ Favorites report.
Microsoft has dominated all other brands on the Phishers’ Favorites report since our first report in 2018. Microsoft’s corporate base of more than 240 million corporate users makes it’s a lucrative target for cybercriminals interested in sensitive company data hosted in OneDrive and SharePoint.
Phishing remains one of the top attack vectors for breaching Microsoft. But as we saw in 2021, from the Microsoft Exchange hack to the SolarWinds attack that affected Microsoft customers, hackers are actively exploiting the myriad ways to get to Microsoft’s customers.
Financial services was the most impersonated industry
Representing 35% of all phishing pages, financial services was the most impersonated industry of the year. Crédit Agricole, Chase, Wells Fargo, and PayPal are among the top 20 most impersonated brands, while financial services overall had six brands on the list.
Social media, the second most impersonated industry of 2021, represented 24 percent of all phishing pages, followed by cloud, at 19 percent.
Mondays and Tuesdays are most popular days for phishing
As in previous years, most phishing attacks occur on weekdays. In 2021, Monday and Tuesday were the most popular days for phishing, followed by Wednesday and Thursday.
Consumer brands, however, see more phishing activity in general than corporate brands on the weekend. As you can see in the chart below, although Facebook phishing activity is lower on weekends than on weekdays, there is still significant phishing activity.
2021 phishing trends
Still riding the wave of the COVID-19 pandemic, phishers preyed on remote workers. A new threat emerged that leveraged fears about computer viruses. In March 2021, Vade began tracking a phishing campaign that impersonated several antivirus providers, including Norton, McAffee, and Microsoft.
Unlike traditional phishing emails, the tech support scams did not include links but phone numbers. Users were urged to call a phone number in the footer of the email to either renew their subscriptions or be charged a renewal fee. Once on the phone, users are lured by hackers who convince the users that their computers are infected with malware. Vade detected 1 million tech support scam emails between March and April 2021.
In October, a new version of the tech support scam emerged, this time impersonating Apple and Amazon. Users were once again lured with a phone number rather than a phishing link, along with fake invoices for high-dollar purchases.