Technology giant Microsoft continues to be the favorite brand of cybercriminals for phishing attacks. According to Check Point’s Brand Phishing Report for Q3 2021, Microsoft has topped “the most commonly imitated brands” list in phishing campaigns. The report highlights the popular brands that threat actors mostly imitated to trick users into giving up their login credentials and other sensitive information in July, August, and September of 2021.
Despite the lower phishing rate, Microsoft continued as the brand most frequently targeted by adversaries – with 29% of all brand phishing attempts, down from 45% in Q2 2021. Amazon has ranked second, with 13% of all phishing attempts as hackers took advantage of online shopping and targeted vulnerable, distributed workforces during the pandemic.
The Top Phishing Brands in Q3 2021
- Microsoft (29%)
- Amazon (13%)
- DHL (9%)
- Bestbuy (8%)
- Google (6%)
- WhatsApp (3%)
- Netflix (2.6%)
- LinkedIn (2.5%)
- Paypal (2.3%)
- Facebook (2.2%)
Phishing Email – A Common Lure
Check Point researchers stated they had witnessed multiple malicious phishing emails specially crafted to steal a Google account access credentials. Hackers sent phishing emails from [email protected] with the subject “Help strengthen the security of your Google Account.” The attackers placed fraudulent and malicious links in the email body, which, when clicked, redirected the user to a fake Google login page to steal victims’ credentials.
Similarly, threat actors targeted LinkedIn members by sending phishing emails via [email protected] with the subject “You have a new Linkedln business invitation from.”
Social Platforms Become Primary Targets
The report also revealed that social media platforms were among the top three sectors to be imitated in phishing campaigns, with WhatsApp, LinkedIn, and Facebook appearing in the top ten list of most imitated brands. Recently, threat attackers leveraged a malicious version of WhatsApp tracked as FMWhatsapp to distribute Triada mobile Trojan. The fake WhatsApp version displays malware-infused ads, it accesses users’ SMSs, and downloads other Trojans.
How Hackers Perform Brand Phishing
In brand phishing attacks, attackers imitate the official website of a famous brand by creating a similar domain name or URL of the original site. The links to the fraudulent website are then sent to targeted individuals via email or SMS. Once a user clicks the link, it redirects to the fake website, which often contains a form intended to steal users’ credentials, payment details, or other sensitive information.
Point of View
While phishing emails trick users to open/click an attachment/link, brand phishing emails give additional trust to victims, as they imitate popular brands. Attackers mostly choose famous brands as they have a large customer base, and the chance of users responding to phishing emails is relatively high. Popular enterprises like Microsoft, Facebook, and Amazon are always a primary target for cybercriminals. A report from Barracuda divulged how attackers are increasingly getting shrewd in their approach to evade security perimeters and the most recent trends in spear phishing. Nearly 43% of phishing attacks impersonated Microsoft brands, followed by WeTransfer (18%), DHL (8%), and Google (8%).
Mitigation
We recommend users be extra vigilant while providing personal data and login details to business applications or websites. Think twice before downloading any email attachments or clicking links in emails that claim to be from popular companies like WhatsApp, Amazon, Microsoft, or DHL, as they are the most likely to be impersonated or malicious.
