If you have an email inbox, you've seen them: emails that claim to come from a brand you know but are, in reality, a "spoof" or copycat of an email from that company.
These brand phishing attacks often involve sending you a branded email or text message with a link. Click the link and you go to a webpage or login portal that looks legitimate but is actually an imitation. It may even have a URL or web address similar to that of the real site.
The fake website often contains a form intended to steal user login credentials, payment details, or other personal information.
And now we know which brand names are used (and abused) to target individuals most often.
Top 10 brands spoofed in phishing attacks
Researchers at Check Point just released their top 10 list for the third quarter of 2020. Here are the 10 brand names most likely to be spoofed and show up in your personal inbox or that of your employees.
- Microsoft (related to 19% of all brand phishing attempts globally)
- DHL (9%)
- Google (9%)
- PayPal (6%)
- Netflix (6%)
- Facebook (5%)
- Apple (5%)
- WhatsApp (5%)
- Amazon (4%)
- Instagram (4%)
Microsoft at the top certainly makes sense, if you look at the cyber threat landscape. Many attacks begin when hackers actually log in to a legitimate corporate email account.
Spoofed Microsoft emails send end users to realistic-looking (but hacker-controlled) login pages that can trick them into entering their username and password.
And from there, cybercriminals are on the path to accomplishing their objectives within an organization, whatever that might be.
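A defender-side check for the lookalike web addresses described above can be sketched in code. This is an added example, not code from Check Point or SecureWorld. It flags links whose hostname mentions one of the ten listed brands without belonging to that brand's domain. The brand-to-domain table, the function names, and the sample links are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: one primary domain per brand; real brands own many more.
BRAND_DOMAINS = {
    "microsoft": "microsoft.com", "dhl": "dhl.com", "google": "google.com",
    "paypal": "paypal.com", "netflix": "netflix.com",
    "facebook": "facebook.com", "apple": "apple.com",
    "whatsapp": "whatsapp.com", "amazon": "amazon.com",
    "instagram": "instagram.com",
}

def edit_distance(a, b):
    """Levenshtein distance, used to catch one-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_link(url):
    """Return (verdict, brand): 'legitimate', 'lookalike' or 'unrelated'."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    # A host is the brand's own only if it is the domain or a subdomain of it.
    for brand, domain in BRAND_DOMAINS.items():
        if host == domain or host.endswith("." + domain):
            return ("legitimate", brand)
    # Otherwise look for the brand name inside any dot- or hyphen-separated part.
    tokens = [t for t in host.replace("-", ".").split(".") if t]
    for brand in BRAND_DOMAINS:
        for tok in tokens:
            # Fuzzy match only longer names, to limit false positives.
            near_miss = len(brand) >= 6 and edit_distance(tok, brand) == 1
            if brand in tok or near_miss:
                return ("lookalike", brand)
    return ("unrelated", None)

# Constructed sample links (not from the article); .example is a reserved TLD.
SAMPLE_LINKS = [
    "https://login.microsoft.com/common/oauth2",
    "https://micr0soft-login.example/signin",
    "https://paypal.com.account-verify.example/signin",
    "https://www.example.org/news",
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        print(classify_link(link), link)
```

This is a triage heuristic: a "lookalike" verdict means the link deserves a closer look, and an "unrelated" verdict does not prove a link is safe.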
Related podcast: Business Email Compromise
Listen to The SecureWorld Sessions podcast episode on BEC for more on how a compromised email can lead to millions in losses for organizations and individuals.