Microsoft, PayPal & Facebook most targeted brands in phishing scams: Report

When it comes to phishing scams, Microsoft has turned out to be the most preferred target for hackers while PayPal, Facebook, and Netflix are also on the list.
Microsoft, PayPal & Facebook most targeted brands in phishing scams: Report

When it comes to phishing scams, Microsoft has turned out to be the most preferred target for hackers while PayPal, Facebook, and Netflix are also on the list.

Among the various hacking techniques out there, phishing scams happen to be one of the most successful and commonly used ones. The reason being that it is not only simple to execute but fewer resources are also invested in such an attack.

Nonetheless, hackers are selective about the sites they target because put simply, some ensure a bigger payday than others. To investigate the popularity of these targeted sites, VadeSecure’s Phishers Favorites Q2 2019 report has revealed the new list of the 25 most impersonated brands set down below revealing that Microsoft is the most favorite target of hackers.

  1. Microsoft
  2. Paypal
  3. Facebook
  4. Netflix
  5. Bank of America
  6. Apple
  7. Canadian Imperial Bank of Commerce(CIBC)
  8. Amazon
  9. DHL
  10. DocuSign

See: How Phishing Has Evolved in 2019

Phishing Spikes with these 10 leading
An infographic by VadeSecure showing the top 10


At No.1 is the tech giant Microsoft that has recently penetrated the cloud sector quite successfully. It’s not surprising then that this is the prime reason that hackers have been targeting them with over 180 million active business users for Office 365.

For example, if one gets access to an Office 365 account, they can potentially have access to loads of data which can also include business contacts and hence be utilized for conducting spear-phishing scams. As spear phishing greatly cashes in on the trust that people place in their colleagues and other acquaintances; it makes the social engineering process of soliciting information much easier.

See: Simple Tips to Manage and Prevent Social Engineering Attacks


To find Paypal at No.2 is self-explanatory, to say the least. It’s an online payment service which if hacked directly results in huge harvest opportunities for attackers, hence incentivizing them more with its rising usage. This rationale could also be attributed to the two banks that we see on the list, namely the Bank of America and CIBC.


Thirdly, we have Facebook which evidently proves the growth that the social media industry has experienced in phishing scams. With said growth being 175.8% in the previous quarter, such success may be attributed to the widely used “Facebook Login” feature.

While a Facebook account directly does not offer much to take away when compromised in terms of money, hackers could use the personal data of users collected to blackmail them and also gain access to websites on which the user may have logged in using Facebook.


Fourthly, we have Netflix, everyone’s favorite past time. With an increase of 8.2% in phishing URLs, like the other contenders on this list, increasingly sophisticated methods are being used to trick users. In the words of Ciara from the Irish Times, the trickery involved is best illustrated by the fact that,

“The website (Phishing one) even uses the padlock icon that consumers are generally told to look for to ensure data they are sending through the website is secure.”

Apple and Amazon

Moving on, recently Apple and Amazon became trillion-dollar companies and to not see them in this list would indeed be a shock. Meeting our expectations, Apple is found at no.6 and Amazon at no.8, both potential goldmines for attackers.

An interesting thing according to VadeSecure’s researchers is that both companies have been targeted by the same phishing kit – 16Shop – believed to have been developed by an individual involved in the black hat “Indonesian Cyber Army.”

An example of an Apple phishing page using the toolkit's features.
Apple iCloud phishing scam as witnessed by VadeSecure.

To summarise, phishing attacks are not going to cease to exist but we as users could take greater precautions amidst rising threats. Moreover seeing that even billion-dollar companies are vulnerable to such attacks, small to medium businesses need to take heed and step up their security game.

If you are on the Internet you are vulnerable to cyber-attacks. According to OTA (the Internet Society’s Online Trust Alliance), phishing attacks are also used in carrying out ransomware-type attacks and in 2018, these attacks caused $8 billion in damages.

Follow these guides (1 & 2) to protect yourself from ransomware and phishing scams. Stay safe online!

Did you enjoy reading this article? Like our page on Facebook and follow us on Twitter.

Related Posts