Brand impersonation attacks, when adversaries attempt to mimic a website or domain of a well-known brand by using a similar domain name and webpage designed like the actual site, remain one of the most deceptive forms of phishing. A recent report from the email security company Vade identifies the top brands threat actors impersonated in brand phishing attacks in the first half of 2022.

In the first half of this year, Microsoft was the most impersonated brand in phishing attacks, with a total of 11,041 unique phishing URLs. The popularity of Microsoft 365 among organizations of all sizes has made Microsoft a profitable target for threat actors hoping to steal credentials, launch ransomware attacks, conduct business email compromise, and perpetrate other malicious activities. Other top impersonated brands include Facebook, Crédit Agricole, WhatsApp, and Orange. Additionally, the report found that phishing attacks are more likely to occur on the weekdays and over a third of all phishing URLs impersonated financial services brands. To defend against this activity, members are reminded to always be wary of messages that require urgent actions and that ask a user to click on a link or open an attachment. Users should reach out to the purported sender via another means of communication to confirm its authenticity. Read more at HelpNetSecurity or access the full report at Vade.