As people become more au fait with cybersecurity, cybercriminals need to become more wily when trying to get somebody to hand over their sensitive data.
One way to do that is by impersonating a well known brand and leveraging the established trust of that brand to compromise a person.
In its Brand Phishing Report for Q1 2021, Check Point Research reports that Microsoft remains the most imitated brand by cybercriminals in phishing campaigns for the second quarter running.
“Criminals increased their attempts in Q1 2021 to steal peoples’ personal data by impersonating leading brands, and our data clearly shows how they change their phishing tactics to increase their chances of success,” writes data research manager at Check Point, Omer Dembinsky.
Microsoft was reportedly imitated in 39 percent of all brand phishing attempts worldwide in Q1. Interestingly, Roblox is the fourth most imitated brand with 6 percent of phishing campaigns using the name.
The full list from most popular to least follows below.
- Microsoft – 39 percent
- DHL – 18 percent
- Google – 9 percent
- Roblox – 6 percent
- Amazon – 5 percent
- Wells Fargo (US bank) – 4 percent
- Chase (US bank) – 2 percent
- LinkedIn – 2 percent
- Apple – 2 percent
- Dropbox – 2 percent
While some phishing campaigns are only interested in getting a user to key in their credentials, in the case of one campaign imitating DHL, users were told to download a file which infected the system with Agent Tesla, a malware that steal passwords.
“While security measures are often built into websites and apps, particularly with banking, it’s the human element that often fails to pick up on scams, and as such, cyber criminals are continuing to trick people using convincing emails purporting to be from trusted brands,” explains Dembinsky.
Be cautious when receiving mails from big brands. Our advice is to contact the brand directly before downloading attachments or visiting websites an email asks you to visit.
[Image – CC 0 Pixabay]