New report reveals a sharp rise in Facebook phishing


Facebook is now the most impersonated brand, accounting for 14% of phishing pages. It is closely followed by Microsoft, Credit Agricole, WhatsApp, and La Banque Postale.

Cybersecurity company Vade analyzed approximately 185,000 phishing pages in 2021 and compiled a list of the 20 most impersonated brands.

The company concluded that financial services was the most impersonated industry in 2021, representing 35% of phishing pages (24%, compared to 2020). Scammers prefer Credit Agricole, La Banque Postale, Chase, PayPal, Wells Fargo, and MTB.

ADVERTISEMENT

Vade attributed the growth in financial services phishing to the impact of the COVID-19 on the global economy.

“At the beginning of the crisis, businesses and citizens around the world took advantage of government-backed business loans and payment deferrals or “holidays” from consumer banks and credit unions. Crédit Agricole processed 211,000 applications for small to midsized business and small business and corporate loans, totaling €315 billion,” Vade report reads.

Social media is the second most impersonated industry, accounting for 24% of phishing pages. Facebook is a lucrative target for hackers looking to reach a wider audience as it has 2.8 billion users and a slew of social brands under the parent company Meta.

Impersonated brands

“Additionally, 2021 saw a string of high-profile ups and downs for Facebook, from its starring role in politically charged arguments about freedom of speech to Facebook’s rebranding to Meta to its ongoing fight against misinformation. Cybercriminals are opportunists, and they have a strong preference for attacking brands during periods when the brand is top of mind with end-users,” Vade said.

Phishers typically send fake security alerts with requests to change passwords. Each directs a victim to a phishing page designed to steal user credentials.

Microsoft is the second most impersonated brand in phishing attacks and the first most impersonated cloud brand, representing 13% of phishing attempts.

“From sporting events to holidays, to elections, current events capture the attention of users around the world. They present a prime opportunity for phishers to attack a wide pool of victims for whom the events are top of mind and are likely to respond to emails containing

ADVERTISEMENT

keywords and images associated with the event,” Vade detailed.

The pandemic, vaccines, and different relief funds are popular topics for phishing. Now, we can expect attempts to harvest credentials and steal money by spinning the war in Ukraine topic. Countries are already reporting fake pages allegedly created to gather donations in support for Ukraine.