Phishing remains a major threat to businesses because it requires little investment but offers potentially big rewards to cybercriminals. While any company can be impersonated, some are widely used in phishing attacks. These phished brands are impersonated because they are trusted by the public and offer tons of valuable personal and financial information.
How Hackers Engage in Brand Phishing
One of the ways hackers trick their victims is by sending generic fake security alerts and urgent password update requests. Targets often comply due to fear of losing their accounts.
Other brands may be impersonated using highly targeted phishing methods. Attackers can calibrate their phishing infrastructure so that it only displays the phishing page when the right user clicks on a malicious link. The attackers validate the user’s identity to screen out unwanted targets.
Some cybercriminals stay under the radar by including phone numbers but not links. With this approach, phishing emails can evade filters that are designed to flag malicious links.
Favorite Industries for Phishers
Industries offering technology products are often targeted by hackers. This is because companies in the sector have a lot of sensitive user and research data that can be used to extort victims or fetch good money on the dark web.
Social media let users interact with people across the world. Users often post and store sensitive personal information on their social media accounts. Gaining access to such accounts can be lucrative for cybercriminals.
Hijacked accounts may be resold or used for further compromise of the victim’s contacts.
Financial and Banking service companies are heavily targeted by attackers. Cybercriminals aim to take over the account and funds of their victims. Some hijacked accounts are used as conduits for laundering proceeds of other crimes. This can ensnare the victim as a suspect in law enforcement investigations.
Online shopping has gained more adoption due to the pandemic lockdown. The convenience of having items delivered to the doorstep is persuasive for many shoppers.
Hackers are aware of online shopping trends and relentlessly impersonate major online merchants to steal the personal and financial information of users. They may also hijack victims’ accounts to carry out unauthorized transactions.
Just like online stores, shipping companies have seen a surge in usage. Many people who have no previous dealings with freight companies now need to monitor the progress of their delivery.
This has presented hackers with phishing opportunities as they can easily take advantage of customers’ ignorance of the shipping process.
Cybercriminals can impersonate shipping companies to install malware on the victim’s computer via phishing.
The Most Phished Brands
Some brands are magnets for phishers and attract considerable impersonation attempts. This list of top phished brands was compiled by cybersecurity firm Vade.
Facebook has consistently ranked in the top five of the most phished brands for several years. It is now the most phished brand in the world.
Facebook has an impressive number of active users which makes it a prime target for phishing attacks. Hackers impersonate Facebook by sending links of cloned Facebook pages to users.
Microsoft is both a tech and a cloud giant. It is the second most impersonated brand.
Phishing attacks against Microsoft users vary according to the target. Some are just simple phishing with malicious links sent via email to unsuspecting victims.
More sophisticated Microsoft phishing attacks involved coding webpages that only engage with qualified targets according to the hackers criteria.
French Cooperative Bank Crédit Agricole is the third on the list of the most phished brands.
Another app within the Meta company makes the top fourth spot for phished brands. As a widely used instant messaging platform, WhatsApp accounts are in high demand by hackers.
French Postal bank, La Banque Postale and Telecom company, Orange take the fifth and sixth positions respectively.
Amazon, the retail and cloud giant makes the top phished brand at number seven. Amazon’s rapid growth as a destination for retail shopping and cloud application host makes it an attractive target for phishers.
Cybercriminals are looking for customers’ credit cards, gift cards, and other financial information from hijacked Amazon account
Chase Bank and Comcast Telecoms sit on the 8 and 9th position on the most phished brand.
PayPal is the most popular online payment service. It is a regular target of impersonation by cybercriminals holding 10th position on the most phished brand. Hackers impersonate PayPal to get login details from victims in order to steal and transfer their funds or use them for online purchases. Hijacked PayPal accounts are also traded on the dark web by cybercriminals.
The increased use of shipping makes DHL a prominent target of phishing attacks by cybercriminals.
A lot of online shoppers’ goods are delivered via DHL. Hackers take advantage of these by sending fake emails about order delivery or changes to delivery schedules.
Other top phished brands include Netflix, Wells Fargo, Rakuten, and Adobe.
Staying Safe from Phishing
To protect your organization from phishing attacks, employees must be regularly trained about phishing methods detection and the threats of phishing to your business.
In addition, organizations should deploy automated anti-phishing tools and email filters to block malicious emails from reaching the user’s inbox.
While top brands are particularly targeted for phishing, SMBs are not left out of cybercriminals’ phishing schemes. Hackers target SMBs to steal financial and personal information as well as infect the victim’s machine with malware or ransomware.
For your business to avoid disruption and thrive in the long run, taking steps against phishing attacks is a must. Get in touch with SDTEK to discuss anti-phishing solutions for your company.