Ten Brands That Scammers Most Often Impersonate.

Posted on by

Fraudulent accounts are ubiquitous: scammers constantly try to convince you they represent organizations like LinkedIn , PayPal , your bank , the FBI, the Federal Trade Commission , and the IRS , seeking to steal your money and information. When it comes to phishing schemes, which typically attempt to trick you into handing over sensitive data or credentials via malicious links, tech brands are (perhaps unsurprisingly) among the most frequently targeted by scammers.

According to a recent report from Check Point Research , in the fourth quarter of last year, nearly a quarter of all phishing attacks using Microsoft branding used Microsoft as an example—almost twice as many as the next most frequently targeted company.

The most popular brands that have become targets of phishing attacks.

According to research, tech companies and social media platforms consistently rank among the most popular brands for phishing scams, holding the following positions in the final quarter of last year:

You may also like

  1. Microsoft: 22%

  2. Google: 13%

  3. Amazon: 9%

  4. Apples: 8%

  5. Facebook (meta): 3%

  6. PayPal: 2%

  7. Adobe: 2%

  8. Reservation: 2%

  9. DHL: 1%

  10. LinkedIn: 1%

While you should always be alert to common phishing attacks, you should be especially wary of unsolicited messages from any of the companies listed above—especially if they concern account security and/or encourage you to click a link. We’ve examined at least one campaign involving nearly every brand listed, all of which are well-known and highly trusted by users, making them prime targets for such scams. Check Point notes that stolen Microsoft and Google credentials are particularly valuable as they are widely used in everyday work.

Common Phishing Tactics

Generally speaking, a phishing scam begins with an email, text message, or social media post that appears to be from a legitimate source. It will likely ask you to update or confirm personal information—often related to payments or account security—with a link to the company’s website or login page. Of course, this link leads to a fake version of the site designed to collect your login credentials, credit card number, banking information, or other personal information, which the scammers can then use to commit identity theft, account takeover, or purchase fraud.

It’s worth noting that while the methods described above are among the most common, phishing can also occur through phone calls, voicemail, and malicious browser pop-ups.

What do you think at the moment?

How to protect yourself from phishing attacks using branded products

As we’ve already mentioned, just because you generally trust a company doesn’t mean you should blindly trust all its messages. If you receive an unsolicited message, it sounds urgent, and it’s not related to any recent activity you’ve done (such as trying to log in or paying a bill), don’t engage with it. Don’t click links, open attachments, or respond directly. Be on the lookout for typos and other errors, including the sender—though, since scammers have found ways to appear legitimate, this isn’t always an obvious warning sign.

If you’re unsure of the message’s content, go directly to the website or app and log in to see all genuine warnings. A password manager will provide an additional layer of security by preventing you from entering your credentials on a fake page.

Finally, implement strong, phishing-resistant multi-factor authentication wherever possible, especially for frequently used and high-value accounts like Microsoft and Google. If your credentials are compromised, attackers won’t have an additional factor to exploit.

More…

Scams

Leave a Reply