This is the great game of emails: spotting the fraudulent message among the dozens, even hundreds of messages received per day. To trick their victims, cybercriminals pose as well-known companies: a necessity to make their phishing [emails piégeux, Ndlr] believable in the eyes of most people. By knowing which brands are particularly imitated, users can focus their vigilance on specific cases.
This is why the French email protection startup Vade, like many of its competitors, maintains a ranking of the most imitated companies: the Phisher’s Favorites. It relies for this on the URLs [les adresses de sites internet, Ndlr] that it detects and blocks, out of the more than 1.2 billion mailboxes that it protects.
Tech companies are popular
In the first half of 2022, Microsoft takes the throne of the most imitated company by hackers, with 11,041 different phishing URLs, and each of these URLs could have been distributed thousands, even millions of times. “Its ubiquity in the cloud [elle compte plus de 240 millions d’utilisateurs professionnels de sa plateforme Microsoft 365, Ndlr] makes it, again and again, an irresistible target“, notes Vade.
The headliners of this kind of ranking vary only slightly in the medium term, even if their order varies in the first ten places. Historically, Microsoft, due to the massive use of the Office suite (Word, Excel, PowerPoint) – now available in the cloud (Microsoft 365) – is a target of choice. And for good reason: recovering access to this office software opens the door to a treasure trove of company or private data. The documents can then be sold or exploited, for example to blackmail.
In second place, behind Microsoft, is another famous tech brand, Facebook, with a score of 10,448 impersonated URLs. As Vade reminds us, the social network is stagnating in number of users (which contributes to the bad patch of its parent company Meta) but remains the most used in the world with 2.93 billion active users. So this is a perfect identity to make the email most compelling to as many people as possible.
Concretely, in a majority of cases, criminals bombard an email address book without necessarily any consistency between them, which they will have bought or found for free on black markets. To succeed, they will need to create an email that is likely to be relevant to as many people as possible, hence the impersonation of companies with huge customer or user bases like Microsoft and Facebook, or that of public services like Ameli or taxes.
The financial sector remains the most popular
If the two tech champions dominate the ranking, the sector most usurped by phishing remains finance, with 8 companies in the Top 25, including Crédit Agricole and La Banque Postale (reflecting Vade’s French clientele), but also Chase or Wells Fargo (reflecting its American clientele).
Cybercriminals often impersonate banks or financial services because these brands give them a better chance of making an immediate profit. On the one hand, obtaining Facebook IDs gives access to data that can be sold later, or allows another phishing to be distributed to the victim’s friends. That is, phishing will only bring money after several steps. On the other hand, obtaining credentials from a financial service potentially allows money to be withdrawn or spent immediately, provided the victim does not use all the protections at their disposal.
Unusual detail of the ranking: in the first quarter of 2022, cybercriminals tended to send their phishing rather between Monday and Wednesday, while reducing their activity by half on weekends. This trend is a reminder that criminals now follow operations similar to those of companies, and that cybercrime has become for some a profession like any other…