Cybercriminals and Brand Phishing: The Brands Imitated the Most

Familiar brand impersonation

Cybercriminals are very bad actors which means they are very good at disguising messages to make them seem harmless or even desirable. One of the trickiest ways they go phishing is by luring in their victim through brand impersonation. Brand phishing involves using the name, logo, and other identifying aspects of a brand to trick users into trusting the email because they already are familiar with that brand.

Once the recipient feels they have received something from a trusted reputable brand, they are likely to click on links, download malicious attachments, and unknowingly share personal information.

Recent studies on phishing attacks found that 25% of emails from brands consist of phishing emails. So, it’s worth taking a second look at what’s in your inbox.

The layers of brand phishing

Falling trap to a brand impersonation attack typically begins with a deceptive email, but the elaborate scheme often goes well beyond that. Other layers of brand impersonation might include:

• A landing page containing the brand’s logo and content referring to the purpose conveyed in the email (payment or login screen, for example).
• A spoofed website that looks identical to the brand’s legitimate website.
• Customer service contacts via email and phone that are minimally staffed, but make it look legitimate.

Top phishing brands for Q2 of 2022

While the brands at the top of this list sometimes change, in 2022 LinkedIn has reigned supreme as the most imitated brand by cybercriminals. Here are the top brands ranked by their overall appearance in brand phishing attempts.

1. LinkedIn (45%)
2. Microsoft (13%)
3. DHL (12%)
4. Amazon (9%)
5. Apple (3%)
6. Adidas (2%)
7. Google (1%)
8. Netflix (1%)
9. Adobe (1%)
10. HSBC (1%)

Let’s take a closer look at what brand impersonation for the top four might look like.

• LinkedIn. LinkedIn is a professional social media site that most of your employees have accounts on. A brand phishing attack might look like an urgent notice to update your account information or might look like a common notification to “Add me to your LinkedIn network.” Just like with other social media platforms, don’t add someone you don’t know. They may be using your profile to gain access to your company device.
• Microsoft. Typically, this is an attempt to steal the user’s outlook account information and might request the user to verify their outlook account by clicking on a malicious link. Then the victim enters their username and password, sharing it with the cybercriminal.
• DHL. As you might assume, this type of phishing might spoof DHL’s webmail address and domain with a common subject line like “shipment notification” or “unable to complete delivery.” The unsuspecting user is sent to a malicious link requesting personal information to access the shipping information.
• Amazon. In 2021, fraud experts claimed 2,300 new website domains were registered with the intention of impersonating Amazon for Amazon Prime Day alone. Take a closer look at Arnazon.com vs. Amazon.com. Did you spot the difference? The first one uses the letters r and n together to look like an m. At first glance, it’s easy to miss. Once they have spoofed the domain, a common attack might look like an email or text with the subject line “Your Amazon Account Verification.” The malicious link typically directs the user to the spoofed Amazon page to enter billing information.

How to spot brand phishing

Many of the signs to indicate a brand impersonation attack are like those of other phishing attacks. Be on the lookout for:

• A request for your payment information, login, or other personal details
• Spelling and grammar errors
• Urgency in the tone
• Suspicious attachments
• Email name and/or domain name don’t match the brand
• A request that seems out of the norm

Invest in security education and awareness training

Brand phishing is just one of the many cyberattacks covered in Security Education and Awareness Training, and it’s one of the trickiest to spot. Your employees need to be able to recognize risky situations and act accordingly.

Locknet® Managed IT uses state-of-the-art security training to arm your employees with the knowledge they need:

• Self-service enrollment – employees can take the training when it fits into their schedule
• Online training includes case studies, live demonstration videos, and short tests
• Quizzes at the end of each module confirm employees have retained the information
• Audits before and after training to assess the impact
• Large selection of modules and courses
• Monthly phishing security tests
• Monthly email exposure checks
• Access to an administrative portal

As you start planning for 2023, partner with Locknet’s team of trusted professionals to educate your employees and create a “human firewall” of both technology and training to improve your organization’s cybersecurity position. Contact us today.