Microsoft (43 percent) ranked first among brands most frequently imitated by cybercriminals in their attempts to steal victims' personal information or payment credentials, according to the Check Point Software Technologies "Brand Phishing Report" for the fourth quarter of 2020. This marked the second-consecutive quarter in which Microsoft earned the top spot among brands that cybercriminals most frequently imitate.
Along with Microsoft, the following companies were the top brands in terms of their overall appearance in brand phishing attempts:
- DHL (18 percent)
- LinkedIn (6 percent)
- Amazon (5 percent)
- Rakuten (4 percent)
- Ikea (3 percent)
- Google (2 percent)
- PayPal (2 percent)
- Chase (2 percent)
- Yahoo (1 percent)
Technology was the most-likely industry to be targeted by brand phishing attacks in 4Q20, Check point indicated. Furthermore, Check Point found that cybercriminals often tried to target employees working remotely due to the coronavirus (COVID-19) pandemic and capitalized on increased online shopping in November and December during brand phishing attacks.
What Is a Brand Phishing Attack?
In a brand phishing attack, cybercriminals try to imitate the official website of a globally recognized brand, Check Point stated. As part of their efforts, they may use a similar domain name or URL and web-page design to a brand's official site.
Meanwhile, cybercriminals will send a link to their fake website to targeted brand phishing attack victims, Check Point said. If a victim clicks on the link to a fake website, he or she may be taken to a site that contains a form intended to steal their credentials, payment details or other personal information.
Cybercriminals increased their attempts in 4Q20 to steal victims' personal data by impersonating industry-leading brands, said Maya Horowitz, Check Point's director of threat intelligence and research products. By keeping an eye out for fraudulent emails and avoiding attachments and links from unknown senders, email recipients can guard against brand phishing attacks.