Financial services was the most impersonated industry by criminals launching phishing attacks during the first half of 2023, according to a report from cybersecurity firm Vade. Financial services accounted for more than 33% of all phishing URLs, followed by the social media (22%) and cloud (21%) industries.
Phishing is the practice of sending fraudulent emails or other messages purporting to be from a reputable company to trick consumers into revealing personal information, such as passwords and credit card numbers. When consumers click on a false URL in a phishing message, they are typically sent to a malicious Web site to verify their identity or reset their password.
During the first and second quarters of the year, more financial-services brands were among the top 25 most impersonated brands than in any quarter in the past three years, according to the report.
Among financial-services providers, France’s Crédit Agricole was the third most impersonated brand overall in phishing attacks. Criminals’ use of fake URLs for the brand increased 170% during the first quarter and 61% during the second quarter on a year-over-year basis.
Japan’s Softbank Corp. ranked as third most impersonated brand in phishing attacks overall during the second quarter of 2023, with criminals creating 4,591 false URLs for the bank. First Citizens Bank was another frequently targeted brand. Criminals created 505 false URLs for the bank during the second quarter, up from just 12 in the first quarter.
Overall, the number of phishing attacks totaled 742.9 million during the first half of 2023, according to Vade. January accounted for the highest volume of phishing emails during the first half of the year, with 488.5 million. At the same time, malware attacks during the first half of the year increased slightly to 112.3 million, compared to 111.4 million from a year earlier.
On an individual brand basis, Facebook, the social media platform for Meta Platforms Inc., and Microsoft Corp. were the most impersonated brands during the first half of the year. The two brands accounted for 18% and 15% of all spoofed URLs, respectively, according to the report. During the second quarter, the use of false URLs for Microsoft surpassed those for Facebook.
“Demonstrating just how popular these brands are among hackers, Facebook and Microsoft together accounted for more unique phishing URLs than the next top five brands combined, Crédit Agricole, SoftBank, Orange, PayPal, and Apple,” the report says.
Google also ranked among the top 10 most impersonated brands during the first half of the year.