These Were the Most Imitated Brands in Phishing Campaigns During Q3 2020
- Phishing actors continued their typical brand imitation in Q3 2020, with Microsoft topping the list.
- DHL has jumped to second place out of nowhere, indicating a new situation formed by the pandemic.
- Users are advised to ignore all communications of this form and manually log in on the actual page.
According to the stats that Check Point researchers managed to gather during Q3 2020, phishing campaigns that engage in brand imitation have acted in familiar ways. The top ten list of the most imitated brands has some new entries like DHL, which is an indication of the shift that was induced by the COVID-19 situation, but otherwise, we see the typical brands in the list.
Microsoft sits at the top, as the vast majority of internet users out there are Windows users, so actors believe this choice will increase their response rates.
Without further ado, here are the top ten most imitated brands on phishing campaigns during Q3 this year:
- Microsoft (related to 19% of all brand phishing attempts globally)
- DHL (9%)
- Google (9%)
- PayPal (6%)
- Netflix (6%)
- Facebook (5%)
- Apple (5%)
- Whatsapp (5%)
- Amazon (4%)
- Instagram (4%)
Microsoft tops email and web-based phishing attacks, but Whatsapp, PayPal, and Facebook form the first triad on the mobile space. It is also worth noting that Apple’s third position in email phishing and Google’s and PayPal’s high ranking in what has to do with web-based threats.
Related: Trump-Themed Phishing Campaign Demonstrates Hacker Reflexes
In the vast majority of the recorded phishing attempts, the actors’ goal was to steal the target’s credentials. Thus, for Microsoft, the attackers are serving a fake login page that is going after Microsoft 365 credentials. Google phishing targets Google Accounts, and PayPal phishing goes for the precious online payments account.
The takeaway from this is that when you receive an email claiming to come from a large and recognizable brand, take a moment to look into the details. Does the sender's address belong to the official domain, or was it made to appear legitimate (close enough)? Does the message contain grammar and spelling errors - or embedded buttons and links that lead to a login page? Does the URL of the login page match the real login page, or is it something similar?
In general, whenever you receive a tricky email that claims anything about your account, go ahead and visit the platform by using an internet search engine on another tab. Do not click on the links provided in the email message, and do not trust the page you’ve landed on in this way. If there’s anything that requires your attention, you will find it once you log in on the real webpage, so there’s never a reason to panic