The biggest impersonated brands used in social engineering schemes
You’re no stranger to phishing attacks, a common method by hackers and malicious parties to steal information. They’ve existed since the earliest days of the internet when things like email were first possible and the potential for scams existed. Since then, phishing attacks are widespread and a common cybersecurity threat, using staple, trusted brands to achieve effective results. So mainstream are these phishing attacks you’ve likely received one in the past two years.
Some phishing emails and messages are easier to spot than others with frequent telltale signs. Spelling errors and unfamiliar senders are obvious red flags (though these errors are meant to target recipients who won’t filter out obvious scams). That said, phishing attacks seek larger targets, ranging from city networks to federal agencies. Organizations and companies of any size are prime material for attackers too. And given tumultuous global events, the likelihood of being the target of a phishing attack is higher than ever.
Part of defending against phishing attacks is identifying common forms of attack. In other words, these days, who are phishing scammers likely to impersonate?
Popular phishing brands
A report from 2021’s end of the year showcased which brands served as a popular “cloak” for hackers.
To start, the financial industry was the most common subject for phishing-based emails. This follows trends since entities like PayPal are valuable impersonation targets. It’s likely you’ve received a phishing email from a PayPal impersonator in fact. It makes sense since brands like banks (Wells Fargo, Bank of America) can put one on “high alert” if they believe something happened with their accounts.
For corporate entities and brands, Microsoft was the go-to for scammers. Considering the rise of remote working and expansion of Microsoft’s support services with cloud, apps, and project tools.
Hackers used corporate imagery and logos to appear as an official Microsoft contact. They also target remote networks which may not have the strongest cybersecurity infrastructure or phishing recognition policies. Automated techniques are also employed to increase attacker efficiency.
Social media phishing attacks
At nobody’s surprise, Facebook proved to be the ideal brand choice for phishing schemes. Facebook is a concentration of numerous contact potential and misinformation. It gives hackers quick access to likely targets and provides them with a robust source of information (like contacts they can fake).
Other brands like LinkedIn are also useful for phishing scams, which hackers use to collect data on business entities and contacts.
Key points of interest
The report also discovered other characteristics of phishing attacks.
- A majority of attacks occurred related to the financial sector
- Majority of attacks also happened during the weekdays, with the most “popular” days for phishing strikes happening on Mondays and Tuesdays
- Friday typically sees the highest saturation for social media-based phishing attacks
It’s troubling information of course, as the increase in any type of cyber attack means we must remain vigilant and aware. But by recognizing the symptoms and signs of common phishing attack characteristics, defending against them is much easier. As times change though, so will the tactics of scammers.