With brand phishing attacks on the rise, security researchers from Check Point have urged web users to remain vigilant when browsing online.
Recent figures published by Check Point Research highlight the growing issue of brand phishing attacks and shed light on the companies that are often imitated by cybercriminals.
According to the security firm, across Q2 2021 Microsoft was the brand most frequently targeted by cybercriminals and accounted for 45% of all brand phishing attacks globally.
Meanwhile, shipping company DHL remained the second most impersonated brand, with 26% of all phishing attempts related to it.
CPR’s report also shows that technology is still the most likely industry to be targeted by brand phishing, followed by shipping and retail.
In Q1 2021, retail was briefly overtaken on the list by banking, but it has now reclaimed its position in the top three.
Researchers suggested the resurgence of retail imitation among cybercriminals could be due to Amazon Prime Day sales or other summer-related retail incentives.
- Kaseya ransomware group REvil website goes dark
- Mermaids charity fined £25k for leaving sensitive data exposed for three years
- Governments stepping up demands on Twitter to remove news content
“Cybercriminals are continually increasing their attempts to steal peoples’ personal data by impersonating leading brands. In fact, in the run up to Amazon Prime Day in Q2, more than 2,300 new domains were registered about Amazon,” said Omer Dembinsky, Data Research Group Manager at Check Point Software.
“Unfortunately, it’s the human element that often fails to pick up on misspelled domains or suspicious texts and emails, and as such, cybercriminals continue to impersonate trusted brands to dupe people into giving up their personal information,” he added.
What is a brand phishing attack?
In brand phishing attacks, criminals attempt to impersonate the official website of a well-known brand – such as Microsoft or Amazon – by using a similar domain name or URL.
Brand phishing attacks are often sophisticated in nature and try to dupe the user into believing they’re engaging with a legitimate brand. For example, many cybercriminals design web pages which mimic an official website down to the finest detail.
Links to a fake website can be sent to targeted individuals by email or text message, researchers warn. However, users can also be redirected during web browsing or it may be triggered from a fraudulent mobile application.
Fake websites often contain a form intended to steal users’ credentials, payment details or other personal information.
What are the most-imitated brands?
While Microsoft, DHL and Amazon hold the top three positions, Check Point Research also highlighted a range of other household names that are mimicked by cybercriminals.
Below are the top brands ranked by their overall appearance in brand phishing attempts:
- Microsoft (related to 45% of all brand phishing attempts globally)
- DHL (26%)
- Amazon (11%)
- Bestbuy (4%)
- Google (3%)
- LinkedIn (3%)
- Dropbox (1%)
- Chase (1%)
- Apple (1%)
- Paypal (0.5%)
How to avoid falling victim
According to Dembinsky, users must remain vigilant when browsing the web and report questionable emails containing links or deals that are too good to be true.
“As always, we encourage users to be cautious when divulging their data, and to think twice before opening email attachments or links, especially emails that claim to be from companies such as Amazon, Microsoft or DHL as they are the most likely to be imitated.”