Microsoft remains most imitated brand for phishing attempts: Report
Shipping company DHL maintained its position as the second-most impersonated brand, with 26 per cent of all phishing attempts related to it
Microsoft continued to remain the most imitated brand for phishing attempts in the April-June quarter, as cyber criminals used the brand to steal individuals' personal information or payment credentials, researchers said on Thursday.
Forty-five percent of all brand phishing attempts were related to Microsoft in Q2 (up six points from Q1 2021).
Shipping company DHL maintained its position as the second-most impersonated brand, with 26 per cent of all phishing attempts related to it, as criminals continue to take advantage of the growing reliance on online shopping, according to Check Point Research (CPR), the threat intelligence arm of Check Point Software Technologies.
"Cybercriminals are continually increasing their attempts to steal peoples' personal data by impersonating leading brands. In fact, in the run up to Amazon Prime Day in Q2, more than 2,300 new domains were registered about Amazon," said Omer Dembinsky, Data Research Group Manager at Check Point Software.
Amazon was third on the list with 11 per cent phishing attempts in Q2.
"In Q2, we also witnessed a global surge in ransomware attacks which are often spread initially through phishing emails containing malicious attachments," Dembinsky added.
The tech sector is still the most likely industry to be targeted by brand phishing, followed by shipping and retail.
In Q1 2021, retail was interestingly overtaken in the list by banking, but it has now reclaimed its position in the top three possibly owing to the likes of the Amazon Prime Day sales, the researchers claimed.
In a brand phishing attack, criminals try to impersonate the official website of a well-known brand by using a similar domain name or URL and web-page design to the genuine site.
The link to the fake website can be sent to targeted individuals by email or text message, a user can be redirected during web browsing, or it may be triggered from a fraudulent mobile application.
The fake website often contains a form intended to steal users' credentials, payment details or other personal information, the report said.