News

    Microsoft leads big brands as most phished company

    11.06.2021

    - David Goldstein -

    Microsoft continues to be the most phished brand according to the most recent report from Check Point Research, leading DHL in both the last quarter of 2020 and first of 2021, accounting for around 2 in 5 of all brand phishing attempts globally.

    Banking in the top 3 industries

    In both reports Microsoft accounted for around 40% of all brand phishing attempts globally – 43% in Q4 2020 and 39% in Q1 2021. DHL was second with 18% each quarter as criminals persisted in taking advantage of the growing reliance on online shopping, while no other company made double figures in either quarter. In Q1 2021 Google came third accounting for 9% of all phishing attempts (2% in Q4 2020) followed by Roblox with 6% (it didn’t make the top 10 in Q4 2020) and Amazon with 5% in both quarters.

    The Check Point Research Brand Phishing Report highlights the brands most frequently imitated by criminals in their attempts to steal individuals’ personal information or payment credentials.

    By industry technology is still the most likely to be targeted by brand phishing, followed by shipping. However banking replaced retail in the top 3 industries in the first quarter of 2021, as two banking brands – Wells Fargo and Chase – are now in the top ten list. Check Point says this shows how threat actors are exploiting the recent surge in digital payments due to the COVID-19 pandemic, and the increased dependency on online banking, shopping and home deliveries, to trick users and commit financial fraud.

    How does a brand phishing attack work?

    In a brand phishing attack, Check Point explains, criminals try to imitate the official website of a well-known brand by using a similar domain name or URL and web-page design to the genuine site. The link to the fake website can be sent to targeted individuals by email or text message, a user can be redirected during web browsing, or it may be triggered from a fraudulent mobile application. The fake website often contains a form intended to steal users’ credentials, payment details or other personal information.

    To minimise the risks of being a victim of criminals seeking to exploit brands via phishing, it is important to be cautious opening email attachments and clicking on links in emails, especially those purporting to come from major brands that are regularly impersonated. And when a website or other online application asks for personal and financial information, it is important to verify its legitimacy.

    BrandShelter can help you protect your brands, please feel free to contact us.