INKY processed 656,954,951 emails in 2020. From this data, they ranked the top 25 most-phished brands during 2020. In round numbers, that’s two-thirds of a billion.
Within this pool, Inky found 4,874,096 phishing campaigns. Of those phishing campaigns, 591,293 of them were brand impersonations. Out of the brand-impersonation group, INKY found 40,903 unique campaigns.
A single campaign is defined as being from the same sender domain and authentication source and having roughly the same text, links, and attachments. One campaign can represent hundreds or even thousands of emails, which may be vanilla (only the recipient is varied) or dynamic (customized per target via clever software).
Roger Kay, VP Security Strategy, INKY, says, "Phishers focused their efforts to target brands that enable WFH. When Video conferencing platforms (Apple FaceTime, Microsoft Teams, Cisco WebEx, RingCentral Meetings, Zoom, and Skype) replaced in-person collaboration, impersonations of these brands significantly increased. Common phishing lures are fake meeting invites, voicemails, and account verification emails.