Cloudflare’s 2023 Phishing Threats Report reveals top exploited phishing methods and most impersonated brands

Cloudflare, Inc., the security, performance, and reliability company helping to build a better Internet, today released its inaugural 2023 Phishing Threats Report. The findings highlight that phishing remains the most dominant and fastest growing Internet crime, largely due to the ubiquity of email and the ceaseless issue of human error that is preyed upon by today’s threat actors.

While business email compromise (BEC) losses have topped $50 billion, corporate organizations are not the only victims that attackers are after. The real implications of phishing go beyond Fortune 500’s and global companies, extending to small and local organizations as well as the public sector. For instance, in this year’s report, Cloudflare observed more email threats targeting political organizations. In the three months leading up to the 2022 US midterm elections, Cloudflare’s email security service prevented around 150,000 phishing emails from making their way to campaign officials.

Regardless of an organization’s size, industry or sector, the report revealed that threat actors who leverage phishing campaigns have two major objectives. First and foremost, the goal is to achieve authenticity and legitimacy in the eyes of the victim. Second, is to persuade victims to engage or click. These objectives are underscored by the key findings of the report, including:

• Malicious links were the #1 threat category, comprising 35.6% of detected threats
• Identity deception threats are on the rise— increasing YoY from 10.3% to 14.2% (39.6 million) of total detections
• Attackers posed as more than 1,000 different organizations in over 1 billion brand impersonation attempts.The majority of the time (51.7%), they impersonated one of 20 well-known brands
• The most impersonated brand happens to be one of the most trusted software companies: Microsoft.Other top companies impersonated included Google, Salesforce, Notion.so, and more
• One-third (30%) of detected threats featured newly registered domains— the #2 threat category
• Email authentication doesn’t stop threats.The vast majority (89%) of unwanted messages “passed” SPF, DKIM, or DMARC authentication checks

“Phishing is an epidemic that has permeated into the farthest corners of the Internet, preying on trust and victimizing everyone from CEOs to government officials to the everyday consumer,” said Matthew Prince, CEO at Cloudflare. “Email messages and malicious links are nefarious partners in crime when it comes to the most common form of Internet threats. Organizations of all sizes need a Zero Trust solution that encompasses email security – when this is neglected, they are leaving themselves exposed to the largest vector in today’s threat landscape.”

Report Methodology: The report is a culmination of data intelligence and security trends gathered from the 112 billion threats that Cloudflare’s global network blocks daily. Cloudflare evaluated a sample of more than 279 million email threat indicators, 250 million malicious messages, over 1 billion instances of brand impersonation (note that it is possible for one email to have multiple instances of brand impersonations), and other data points gathered from approximately 13 billion emails processed between May 2022 to May 2023. Additionally, this report is informed by a Cloudflare-commissioned study conducted by Forrester Consulting. Between January 2023 and February 2023, Forrester Consulting surveyed 316 security decision-makers across North America, EMEA, and APAC about the state of phishing.