Facebook and WhatsApp most impersonated brands for hackers


  • The average Brit’s device is attacked with malware 97 times per month – with Facebook and WhatsApp among the most impersonated brands for hackers

  • The UK is one of the worst-hit countries for malware, with more than 18 million attacks since the beginning of the year

  • Adult sites contain 8% of all detected malware, the most significant number of all domain categories analysed in the research

  • Free video hosting sites have the most intrusive ads, which usually lead to scam websites and the most trackers.

The average device in Britain is attacked with malware 97 times per month on average – with Facebook and WhatsApp among the most impersonated brands for hackers, a new report by cybersecurity company NordVPN reveals.

Britain is one of the countries worst hit by malware, with more than 18 million malware infection attempts already logged among users of NordVPN’s Threat Protection Pro this year. In May alone, the feature blocked more than five billion intrusive ads, almost 40 billion trackers, and 60 million malware infection attempts around the world. 

Malware is malicious software including viruses, trojans, ransomware, and spyware designed to harm a user’s devices. It can steal sensitive data, encrypt important files, or even take over the devices, putting the criminal in complete control. The most common way users can get their devices infected with malware is by visiting malicious sites.

Cybercriminals often subtly misspell the URLs of popular brands to trick victims into clicking phishing links and downloading infected files. Nearly 99% of all phishing attacks use just 300 brands for deception. 

Among the most popular brands impersonated for spreading malware are Office365 (86,312), Facebook (19,287), Bet365 (15,126) and WhatsApp (13,474).

Table: Number of fake URLs for popular brands around the world



Number of fake URLs


























Microsoft OneDrive



DHL Airways


Source: NordVPN

More than 18 million attempts to infect British users’ devices were logged during the research period. 

From January 1 to May 31, Threat Protection Pro blocked more than 24 million malicious links in adult content sites (8% of all blocked sites).

The dangers of trackers 

Web trackers are privacy-invading tools that collect information on user activity. They typically take the form of special scripts, browser cookies, or tracking pixels. In the case of a data breach, the stored tracker data could end up falling into the hands of cybercriminals.

Users should beware using free video hosting, many of which are used to illegally stream films, which accounted for a quarter (28%) of all blocked trackers. Online storage (13%) and search engines (13%) were the next most dangerous categories. Since January 1, Threat Protection Pro has blocked 39 billion trackers from free video hosting sites alone, while the online storage category is accountable for 18 billion trackers.

Intrusive ads are not just annoying

Invasive and irrelevant ads popping up unexpectedly, blocking the host page, and opening new pages and windows are also the most common for free video hosting, adult content, and advertisement sites. 

Since the beginning of the year, Threat Protection Pro has detected and blocked more than two billion invasive ads on free video hosting sites, plus one billion on adults and some 807 million on advertisement sites.

Intrusive ads can infect users’ devices by linking to malicious sites, violating privacy by collecting data from web activity, and impacting website loading speed. 

Says Marijus Briedis, Chief Technology Officer at NordVPN:

“Every day, we face cyber threats without even noticing them, and often the hackers’ tools are masquerading as some of our most trusted brands, like Facebook and WhatsApp.

“The brands themselves are not at fault — fakes like these also hurt their reputation, forcing companies to actively hunt them down. But high brand awareness can lull victims into a false sense of security and get them to lower their guard.”

How to stay safe from common cyber threats

To protect yourself from common cybersecurity threats like malware, trackers, and intrusive ads, Adrianus Warmenhoven advises taking these precautions:

●  Develop good cybersecurity habits. Cybercriminals prey on apathy, confusion, and ignorance, hoping that victims will forego due diligence. For example, most phishing attempts involve distorted names of popular brands. 

●  Verify, download, scan, install. Malware executables may be disguised as or even hidden in legitimate files. Always verify the website you wish to download from, and always use anti-malware tools to inspect the files you download. This includes suspicious email attachments.

●  Be careful of where you go online. Certain web domain categories are much more likely to host malware that could compromise your device than others. If you visit websites that are likely to contain malware, pay attention to what you type, click, and download.


Chris Price