Introduction
Cyber-thieves love to use the names of big corporations in their phishing campaigns. If they’re spamming large swaths of people, then picking a disguise like Microsoft or LinkedIn increases the odds that more people will at least use these services.
Think about it: If you get an urgent message about your car insurance when you don’t even own a vehicle, it’s pretty obvious that’s a scam. That’s why cybercriminals will often choose to impersonate companies that have millions of users.
So…can you guess who’s the #1 impersonated brand in 2023?
Top Ten in 2023 So Far
- Walmart, accounting for 16% of phishing attacks around the world
- DHL, a mail courier service that handles 1.8B deliveries annually and is now impersonated in 13% of global phishing scams
- Microsoft, making up 12%
- LinkedIn topped the charts toward the end of last year, but now only comes in at 6% of phishing attacks internationally
- FedEx comes in at 4.9%, slimly surpassing…
- Google, impersonated 4.8% of the time
- Netflix fared only barely better at 4%
- Raiffeisen Bank International, a universal bank throughout Europe, was used in in 3.6% of phishing scams
- PayPal scraped just beneath that at 3.5%
What Does All This Mean?
When you look at this list, some of the numbers might surprise you. For instance, did you expect Walmart to top the chart when they only ranked #13 at the tail end of 2022?
This is in part because at the tail end of 2022, threat actors perpetuated a scam using Walmart’s brand as a disguise. In their email blast, they “warned” Walmart customers of a potential disruption to their supply chain that may affect shopping and ordering. This false notification was followed by a survey link, which really downloaded infected software.
This is a prime example of why threat actors impersonate big corporations to trick more people at once – rather than spear-phishing attacks which are more specific but also more believable as a result.
By mimicking Walmart, the threat actors would have plenty of real customer service emails to comb through and use as a convincing template.
Protect Yourself From Phishing!
The best defensive move that you can make on a daily basis is to stay vigilant and learn how to recognize new threats and scare tactics as they crop up.
Protecting your and your company’s data is a group effort! Even if 99% of the organization flags and reports spam, that 1% can send the whole organization crumbling down. Security awareness is a 24/7/365 responsibility.
If you are notified that your data has been compromised, or may have been exposed in a breach, take immediate action to re-secure your accounts and monitor your credit, systems and profiles for suspicious activity!
Conclusion
Can you tell the difference between a phishing scam and a legitimate message from one of the businesses that you frequent?
Scammers can make fake links, email domains and even webpages that look and feel “real.” Spotting inconsistencies in branding, spelling, URLs, old logos and even color schemes can all indicate that a legitimate-seeming email contains more than meets the eye. Be careful communicating with senders outside of your organization, don’t click random links or download unknown files, and follow that suspicious feeling in your gut. It’s much safer to take a few minutes to verify who you’re sending private information to online via the proper, secure channels as outlined in your office’s policy.
If you think you’ve received a suspicious message, report it using your email Spam indicator and inform your superiors. They might want to perform their own investigations to evaluate the strength of the entire cybersecurity posture as it stands.
3.4B phishing attacks are spammed out every single day. Take this serious threat, seriously.