The Most Impersonated Brands in 2020

Edwin Frondozo

As far as phishing tactics go, brand impersonation is the go-to strategy for hackers.  Impersonating brands is a very effective way to phish for user emails and credentials from unsuspecting end-users.

And according to a recent analysis (October 2020), there are some pretty surprising discoveries about brand impersonation.

The top ten impersonated brands by their appearance in phishing attempts:

  1. Microsoft
  2. DHL
  3. Google
  4. PayPal
  5. Netflix
  6. Facebook
  7. Apple
  8. Whatsapp
  9. Amazon
  10. Instagram 

Top phishing brands by platform

During the second half of 2020, email was the most prominent brand phishing platform, accounting for 44% of attacks, followed by web phishing, which dropped to second place after ranking first in Q2.
 
The top phishing brands exploited by email phishing attacks were Microsoft, DHL and Apple, in that order.
 
Email (44% of all phishing attacks)

  1. Microsoft
  2. DHL
  3. Apple

Web (43% of all phishing attacks)

  1. Microsoft
  2. Google
  3. PayPal

Mobile (12% of all phishing attacks)

  1. Whatsapp
  2. PayPal
  3. Facebook

Brand impersonation attacks come in three varieties:

Known brands

A known-brand attack is one where a well-known and trusted brand, like Google, is impersonated.

Own-brand

Own-brand is where the company’s own name and branding are being used to attack it.

For example, a hacker using slingshotvoip.com to impersonate the company itself.

Related Stakeholders

Related stakeholder attacks use the brands of customers, suppliers, partners, and other organizations that work with the employees of the targeted company.

(Personal) Phishing Examples

I recently received a phishing attempt from a hacker impersonating Microsoft.

[Image: phishing email impersonating Microsoft]

A couple of red flags:

  • From Name is “Mail Center_Support” (Who?)
  • From Email Address is “daniel.custodio@thekoheingroup.com” (Who?)
  • Dear “edwin” (lower case)
  • Copyright is “slingshotvoip.com” (What?)

Another recent phishing attempt that I received was from a financial institution in Canada. 

In fact, it was a smishing attempt, a phishing attempt that leverages mobile text messages.

I’ll be honest with you, this one almost got me.

Having completed a recent transition on a TD account, I thought the message was legit.

The numbers they sent also matched the numbers on my access card.

Given the timing of the text message, I thought that there may be a small chance that this text could be real.

Rather than replying via text message, I decided to call the phone number on the back of my bank card.

The agent who answered told me it was not real and that they had many calls about it.

Quick Tips to Spot a Phishing Attempt

The message contains a mismatched URL

Hover your mouse over the link: if the address it actually points to differs from the address shown in the email text, the message is fraudulent or malicious.

Website links contain a misleading domain name

Hackers rely on the fact that unsuspecting users do not understand how domain names work.

For example, the root domain of this website is slingshotvoip.com, so a real subdomain would be www.slingshotvoip.com or info.slingshotvoip.com.

slingshotvoip.com.phishers.com, on the other hand, is a subdomain of phishers.com and has nothing to do with slingshotvoip.com: the brand name sits on the left side of the domain name, while the part that counts is the rightmost part.

I have seen this trick used countless times by phishers to convince users that a message came from a company like Microsoft or Apple.
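As an added example (not code from the original post), here is a small Python checker that applies the two link tests above, mismatched URL and misleading domain, to a constructed HTML email. It assumes slingshotvoip.com as the brand's own domain and also catches the more general case where the brand name appears anywhere but the rightmost labels.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample email body showing both tricks discussed above.
SAMPLE_EMAIL_HTML = """
<p>Dear edwin,</p>
<p>Sign in at <a href="https://slingshotvoip.com.phishers.com/login">https://www.slingshotvoip.com/login</a></p>
<p>Or visit <a href="https://info.slingshotvoip.com/help">info.slingshotvoip.com</a></p>
"""

def belongs_to(host, brand_domain):
    """True only if host IS the brand domain or a real subdomain of it,
    i.e. the brand domain forms the rightmost labels of the hostname."""
    host = host.lower().rstrip(".")
    return host == brand_domain or host.endswith("." + brand_domain)

class LinkExtractor(HTMLParser):
    """Collects (href, visible text) pairs for every <a> in the email."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(s):
    """Hostname of a URL, or of bare link text such as 'info.example.com'."""
    if "://" not in s:
        s = "http://" + s
    return (urlparse(s).hostname or "").lower()

def check_links(html, brand_domain):
    """Return [(href, [red flags])] for each link in the email."""
    p = LinkExtractor()
    p.feed(html)
    results = []
    for href, text in p.links:
        flags, href_host = [], host_of(href)
        # Only compare hosts when the visible text itself looks like an address.
        text_host = host_of(text) if re.search(r"[a-z0-9-]+\.[a-z]{2,}", text, re.I) else ""
        if text_host and text_host != href_host:
            flags.append("mismatched URL: text shows %s, link goes to %s" % (text_host, href_host))
        if brand_domain in href_host and not belongs_to(href_host, brand_domain):
            flags.append("misleading domain: %s is not a subdomain of %s" % (href_host, brand_domain))
        results.append((href, flags))
    return results
```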

The message contains poor spelling and grammar

Whenever a large company sends out a message on behalf of the company as a whole, the message is usually reviewed for spelling, grammar, and legality, among other things.

So if a message contains poor grammar or spelling mistakes, I’m willing to bet it didn’t come from a major corporation’s legal department.

The message asks for personal information

No matter how official an email message might look, it’s always a bad sign if the message asks for personal information. 

Your bank doesn’t need you to send it your account number. It already knows what that is.

A reputable company should never send an email asking for your password, credit card number, or the answer to a security question.

The offer seems too good to be true

There is an old saying that if something seems too good to be true, it probably is. That holds especially true for email messages. If you receive a message from someone unknown to you who is making big promises, the message is probably a scam.

You didn’t start the action

I’ve received many email messages letting me know that I had won the lottery.  The only problem is that I don’t play the lottery.  

If you get a message informing you that you have won a contest you did not enter, you can bet that the message is a scam.

You’re asked to send money to cover expenses

However far along your exchange with the phisher has gone, sooner or later they will ask for money, whether to cover expenses, taxes, fees, or something similar. If that happens, you can bet that it’s a scam.

The message makes unrealistic threats

If you have been a netizen for over ten years, you may remember the Nigerian prince who had the challenge of transferring their funds.

The message appears to be from a government agency

Phishers who want to use intimidation don’t always pose as a bank. Sometimes they’ll send messages claiming to come from a law enforcement agency, the IRS, the CRA, the FBI, or just about any other entity that might scare the average law-abiding citizen.

Something doesn’t look right

In Las Vegas, casino security watches for anything that “just doesn’t look right,” or JDLR, as they call it.

The idea is that if something looks off, there’s a good reason why. The same principle almost always applies to email messages.

If you receive a message that seems suspicious, it’s usually in your best interest to avoid acting on the message.

The bottom line: if you want to stop brand impersonation phishing attacks, be prepared to identify all three types of attacks. Unfortunately, these types of attacks are on the rise.

It’s not realistic to expect everyone, including yourself, to spot all three types of brand impersonation attacks.  When all three tactics are taken into account, there are too many brands and too many phishing tactics for busy employees to spot them all.

It only takes one to get through to compromise your entire organization.  

References:
https://www.checkpoint.com/press/2020/microsoft-is-most-imitated-brand-for-phishing-attempts-in-q3-2020/
