Share this story

Secure’s Q2 Phishers’ Favorites Report details cybercriminals’ tactics for targeting
Office 365 email users and impersonating major brands such as PayPal and Amazon

BOSTON, Mass. – August 22, 2019 – Vade Secure, the global leader in predictive email defense, today published the results of its Phishers’ Favorites report for Q2 2019. According to the report, which ranks the 25 most impersonated brands in phishing attacks, Microsoft was by far the top target for the fifth straight quarter. There was also a significant uptick in Facebook phishing, as the social media giant moved up to the third spot on the list as a result of a staggering 176 percent YoY growth in phishing URLs.

The report, which can be read in full
, was developed by analyzing the number of unique phishing URLs
detected by Vade Secure and made publicly available on www.IsItPhishing.AI. Leveraging data from more than 600
million protected mailboxes worldwide, Vade’s machine learning algorithms
identify the brand being impersonated as part of its real-time analysis of the
URL and page content.

Microsoft phishing continues to dominate

Microsoft has ranked number one on the
Phishers’ Favorites list every quarter since the official rankings were first
released over a year ago. In Q2 2019, Vade’s AI engine detected 20,217 unique
Microsoft phishing URLs, for an average of more than 222 per day. This
represents a 15.5 percent YoY increase, compared to Q2 2018.

Microsoft phishing has become a
potential goldmine thanks to the growth of Office 365, which boasts more than
180 million active monthly business users. Office 365 is increasingly the heart
of companies, providing the essential services (email, chat, document
management, project management, etc.) that businesses depend on to run. Each set
of Office 365 credentials provides a single entry point not just to the entire
platform but the entire business, allowing cybercriminals to launch insider
attacks targeting anyone in the organization in just one step. 

Facebook surges

Facebook phishing has been on a tear
throughout 2019 and advanced one spot up to number three in Q2 thanks to a
175.8 percent increase in phishing URLs. One explanation for this rise in
popularity could be the prevalence of social sign-on using Facebook accounts, a
feature called Facebook Login. This is particularly attractive to
cybercriminals because they’ll be able to see what other apps the user has
authorized via social sign-on, and potentially compromise those accounts as

key findings within the Q2 Phishers’ Favorites report include:

  • PayPal
    (#2), Netflix (#4), Bank of America (#5), Apple (#6), CIBC (#7), Amazon (#8),
    DHL (#9) and DocuSign (#10) rounded out the top 10 most impersonated brands.

  • Amazon
    phishing URLs saw a massive spike in Q2 – growing 182.6 percent over Q1, and
    411.5 percent YoY. This coincides with reports of a new Amazon phishing kit in
    May, as well as the lead up to Prime Day 2019.

  • In
    terms of the most impersonated industries, cloud companies took the top spot
    for the fifth straight quarter with 37.6 percent, followed by financial
    services (33.1 percent), social media (15.6 percent), e-commerce/logistics (7.7
    percent) and internet/telco (5.2 percent).

  • A
    large majority of phishing (80 percent) took place on weekdays, while Tuesdays
    and Wednesdays were the most popular days for cybercriminals to take their

“Cybercriminals are more sophisticated
than ever, and the ways they target corporate and consumer email users
continued to evolve in Q2,” said Adrien Gendre, Chief Solution Architect at
Vade Secure. “Microsoft Office 365 phishing is the gateway to massive amounts
of corporate data, while gaining access to a consumer’s Facebook log-in
information could compromise much of their personal, sensitive information. The
fact that we saw such a significant volume in impersonations of these two
brands, along with the coinciding new methods of attack, means that virtually
all email users and organizations need to be on heightened alert.”

For full insight into the top 25 most
impersonated brands and specifics into the latest tactics and phishing attack
methods being deployed, please read the full
report on the Vade Secure blog

About Vade Secure

Vade Secure
helps SMBs, enterprises, ISPs and OEMs protect their users from advanced
cyberthreats, such as phishing, spear phishing, malware, and ransomware. The
company's predictive email defense solutions leverage artificial intelligence,
fed by data from 600 million mailboxes, to block targeted threats and new
attacks from the first wave. In addition, real-time threat detection
capabilities enable SOCs to instantly identify new threats and orchestrate
coordinated responses. Vade Secure's technology is available as a native,
API-based offering for Office 365; as cloud-based solutions; or as lightweight,
extensible APIs for enterprise SOCs.

For more
information, visit and follow
the company on Twitter @VadeSecure or on
LinkedIn at

# # #

Media contacts:

Jenna Finn
SHIFT Communications for Vade Secure
Phone: (617) 779-1875

Subscribe to our alerts for our latest blog posts

Questions or Press Inquiries?

Contact Vade Secure