Technology giants like Google and Apple are also among the top brands impersonated in Q2 2023 phishing attacks, Check Point Research finds.

Check Point Research (CPR) has released its highly anticipated Brand Phishing Report for the second quarter of 2023. The report reveals a shift in cybercriminal tactics, with three major technology companies dominating the list of most frequently imitated brands. The report also highlights the fact that cybersecurity is essential for brand protection.

Should this come as a surprise? Not at all. The prevalence of malicious Office documents accounted for 43% of all malware downloads in 2020. During the 3rd quarter of that year, approximately 38% of all downloadable malware was discovered concealed within Microsoft Office documents.

Microsoft

Microsoft, the global technology giant, claimed the top spot with a staggering 29% of all brand phishing attempts during Q2. This marks a significant leap for Microsoft, which had previously held the third position in the first quarter of the year.

The rise in phishing attempts can be attributed to a targeted campaign aimed at Microsoft account holders, wherein cybercriminals sent fraudulent messages regarding unusual sign-in activity.

These deceptive emails appeared to originate from within the company and included detailed information about the alleged security breach, leading users to malicious websites to steal their credentials and personal information.

Google and Apple

Google secured the second position, accounting for 19.5% of brand phishing attempts. Meanwhile, Apple made its debut on the list, featuring in 5.2% of phishing events during the last quarter. The technology sector itself was the most impersonated industry, followed closely by banking and social media networks.

The report also highlighted a worrisome trend concerning the finance industry. American banking organization Wells Fargo ranked fourth this quarter, becoming a prime target for cybercriminals through a series of malicious emails requesting account information. Other notable brands impersonated in phishing attempts included Amazon, Walmart, Roblox, LinkedIn, Home Depot, and Facebook.

Omer Dembinsky, Data Group Manager at Check Point Software, emphasized the need for vigilance when dealing with suspicious emails, stating, “While the most impersonated brands move around quarter to quarter, the tactics that cybercriminals use scarcely do. This is why we all must commit to stop and review, taking a moment before clicking on any link we don’t recognize.”

Brand phishing attacks involve cybercriminals imitating well-known brands, and deploying deceptive domains and web page designs that resemble genuine sites to steal users’ personal data, credentials, or payment details. These attacks can be delivered through emails, text messages, or fraudulent mobile applications.

The top phishing brands for Q2 2023 were as follows:

1. Microsoft (29%)
2. Google (19.5%)
3. Apple (5.2%)
4. Wells Fargo (4.2%)
5. Amazon (4%)
6. Walmart (3.9%)
7. Roblox (3.8%)
8. LinkedIn (3%)
9. Home Depot (2.5%)
10. Facebook (2.1%)

Cybersecurity experts stress the importance of being cautious and conducting due diligence before interacting with any unfamiliar links or providing personal information online. As cybercriminals continue to evolve their tactics, proactive measures and advanced security technologies become increasingly vital in the fight against brand phishing.

RELATED ARTICLES

1. 4 Essential Facets of Brand Protection
2. 42,000 phishing domains found mimicking popular brands
3. 16,000+ Scam Domains Aimed at FIFA World Cup Fans in Qatar
4. Google, Microsoft &Oracle generated most vulnerabilities in 2021
5. Microsoft, PayPal & Facebook most targeted phished brands- 2019