Mimicking the domain names of major brands is nothing new for cyber criminals. Attackers imitate famous brands in order to conduct lucrative phishing attacks. For brands, this raises concerns about lost leads and lost customer trust. For employees, brand imitation threats can easily go unnoticed until it’s too late. Here’s the latest on brand phishing…
Brand phishing reports
Between July and September of 2021, 29% of all global phishing attacks were conducted by threat actors who mimicked the Microsoft brand. In the same three-month window, 13% of phishing attacks imitated the Amazon brand, while 6% focused on Google.
Platforms like LinkedIn, WhatsApp and Facebook have recently made the ‘most imitated brands’ list for the first time. One LinkedIn phishing attack that’s making its way around the web is deceptively simple. Hackers send LinkedIn users a message that reads “You have a new LinkedIn business invitation from…” Once victims click on the message, they’re directed to a faux LinkedIn website. Prompts then direct people to enter personal information, which hackers then sell or leverage in other nefarious ways.
Researchers also report malicious phishing emails that attempt to steal credentials for Google accounts. These emails carry subject lines such as “Help strengthen the security of your Google Account.” Attackers have then attempted to lure victims to fraudulent, malicious pages that come across as authentic Google login websites.
“Every day is a good phishing day for the bad guys,” says cyber security expert Micki Boland.
Avoiding brand phishing attempts
Cyber criminals are continuously looking for new ways to deceive victims. Phishing lures can easily look like legitimate links. Ensure that your employees know to avoid clicking on suspicious links.
That said, a new survey indicates that 50% of adults remain sufficiently suspicious of email scams that they regularly ignore genuine emails. A study of 2,000 adults shows that 33% check emails for signs of fraud ahead of clicking on potentially illegitimate links.
Anti-phishing strategy recommendations
Phishing attacks are growing increasingly sophisticated, and in some cases, phishing attempts can fool the most seasoned of security experts. If your organization is concerned about newly introduced phishing threats, consider pursuing a comprehensive anti-phishing strategy. This should include:
- Education for employees pertaining to phishing threats
- Implementation of password security best practices and related tools
- Use of an automated anti-phishing solution
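One check an automated filter can apply to lures like the LinkedIn and Google examples above is to compare the brand a message names with the host its links actually point to. The sketch below is an added example, not code from any vendor or from the original article; the brand-to-domain table, the function names and the sample messages (which use the reserved `.example` TLD) are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: legitimate registrable domains per brand (illustrative, not exhaustive).
BRAND_DOMAINS = {
    "microsoft": {"microsoft.com", "office.com", "live.com"},
    "amazon": {"amazon.com"},
    "google": {"google.com"},
    "linkedin": {"linkedin.com"},
}
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

# Constructed sample messages: (subject, body).
SAMPLES = [
    ("You have a new LinkedIn business invitation from ...",
     "View it: https://linkedin.com.invite-center.example/login"),
    ("Help strengthen the security of your Google Account",
     "Review activity: https://accounts.google.com@secure-check.example/signin"),
    ("You have a new LinkedIn business invitation from ...",
     "View it: https://www.linkedin.com/comm/mynetwork/"),
]


def on_brand_domain(host, domains):
    """True only if host is a brand domain or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)


def off_brand_links(subject, body):
    """Return (host, claimed_brands) for links not hosted by any brand the message names."""
    text = f"{subject} {body}".lower()
    claimed = [b for b in BRAND_DOMAINS if b in text]
    findings = []
    for url in URL_RE.findall(body):
        # urlsplit() drops any "user@" prefix, so a brand name placed before
        # the "@" or in a left-hand label does not count as the real host.
        host = (urlsplit(url).hostname or "").lower()
        owned = any(on_brand_domain(host, BRAND_DOMAINS[b]) for b in claimed)
        if claimed and not owned:
            findings.append((host, claimed))
    return findings


if __name__ == "__main__":
    for subject, body in SAMPLES:
        print(subject, "->", off_brand_links(subject, body) or "no mismatch")
```

A hit is a triage signal rather than a verdict, since genuine messages sometimes link to third-party hosts.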
“As a security professional, if you allow phishing emails to land in your users’ inbox and impact your organization, you have failed in many ways. Do not count on your end users to be your last line of defense,” says Check Point Field CISO, Americas, Pete Nicoletti.
Cyber criminals are continually innovating and evolving their tactics and strategies. The impersonation of well-known brands remains a continuous threat, especially as people continue to work from home and may be less inclined to ask colleagues questions or cross-check information with them.
Advice for employees: “Remember Snow White and the poison apple? Things are not always what they seem. Think before you take the bait,” says Check Point Field CISO, Americas, Cindi Carter.