According to the Check Point Research (CPR) Brand Phishing Report for Q2 2023, Microsoft has climbed up the rankings, moving from third place in Q1 2023 to top spot in Q2 and accounting for 29% of all brand phishing attempts.
This growth may be partially explained by a phishing campaign that saw hackers targeting account holders with fraudulent messaging regarding unusual activity on their account.
The report ranked Google in second place, accounting for 19% of all attempts and Apple in third, featuring in 5% of all phishing events during the last quarter.
In terms of industry, the technology sector was the most impersonated, followed by banking and social media networks.
At the beginning of this year, CPR warned of an upward trend that saw phishing campaigns leveraging the finance industry, and this has continued over the last three months. For example, American banking organisation Wells Fargo took fourth place this quarter due to a series of malicious emails requesting account information. Similar tactics were noted in other scams that imitated brands such as Walmart and LinkedIn, which also featured in this report’s top ten list, taking sixth and eighth place respectively.
“While the most impersonated brands move around quarter to quarter, the tactics that cybercriminals use scarcely do. This is because the method of flooding our inboxes and luring us into a false sense of security by using reputable logos has proven successful time and time again,” says Omer Dembinsky, data group manager at Check Point Software.
“This is why we all must commit to stop and review, taking a moment before clicking on any link we don’t recognise. Does something feel off? Is there bad grammar or any language that is prompting an instant response? If so, this may be an indicator of a phishing email. For organizations worried about their own data and reputation, it is key that they take advantage of the right technologies that can effectively block these emails before they have a chance to dupe a victim.”
In a brand phishing attack, criminals try to imitate the official website of a well-known brand by using a similar domain name or URL and a web-page design that resembles the genuine site. The link to the fake website can be sent to targeted individuals by email or text message, a user can be redirected during web browsing, or it may be triggered from a fraudulent mobile application. The fake website often contains a form intended to steal users’ credentials, payment details or other personal information.
Top phishing brands in Q2 2023
The top brands ranked by their overall appearance in brand phishing attempts are:
* Microsoft (29%)
* Google (19.5%)
* Apple (5.2%)
* Wells Fargo (4.2%)
* Amazon (4%)
* Walmart (3.9%)
* Roblox (3.8%)
* LinkedIn (3%)
* Home Depot (2.5%)
* Facebook (2.1%)
Microsoft phishing emails
In the second quarter of 2023, a phishing campaign targeted Microsoft account holders by sending fraudulent messages regarding unusual sign-in activity.
The campaign involved deceptive emails which were sent allegedly from inside the company with sender names such as “Microsoft on <company domain>”. The subject line of these phishing emails was “RE: Microsoft account unusual sign-in activity” and they claimed to have detected unusual sign-in activity on the recipient’s Microsoft account. The emails provided details of the alleged sign-in, such as the country/region, IP address, date, platform and browser.
To address this supposed security concern, the phishing emails urged recipients to review their recent activity by clicking on a provided link, which led to malicious websites unrelated to Microsoft. The URLs used in the campaign, such as hxxps://online.canpiagn[.]best/configurators.html and hxxps://bafybeigbh2hhq6giieo6pnozs6oi3n7x57wn5arfvgtl2hf2zuf65y6z7y[.]ipfs[.]dweb[.]
The links are currently inaccessible, but the assumption is that they were designed to steal user credentials or personal information, or to download malicious content onto the user’s device.
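The mismatch described above, a sender name and subject that claim Microsoft while the link points elsewhere, can be checked mechanically at a mail gateway. The following is an added example, not part of the CPR report: the brand-domain allowlist, the sample message and its example.* hosts are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumption: domains the gateway treats as genuinely owned by the brand.
BRAND_DOMAINS = {"microsoft": ("microsoft.com", "live.com", "office.com")}

# Constructed sample modelled on the campaign above; example.* hosts are placeholders.
SAMPLE = """\
From: "Microsoft on example.org" <notify@mail.example.net>
To: user@example.org
Subject: RE: Microsoft account unusual sign-in activity
Content-Type: text/plain

We detected unusual sign-in activity. Review recent activity:
hxxps://review[.]example[.]net/configurators.html
"""

def refang(text):
    """Undo common defanging (hxxp, [.]) so URLs can be parsed, never fetched."""
    return text.replace("hxxp", "http").replace("[.]", ".")

def link_hosts(body):
    """Return the lower-cased hostname of every http(s) URL in the body."""
    urls = re.findall(r"https?://[^\s\"'<>]+", refang(body))
    return [urlsplit(u).hostname or "" for u in urls]

def is_under(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)

def brand_mismatch(raw):
    """List (brand, hosts) where the display name or subject names a brand
    but the message links to hosts outside that brand's domains."""
    msg = message_from_string(raw)
    display, _addr = parseaddr(msg.get("From", ""))
    claimed = (display + " " + msg.get("Subject", "")).lower()
    findings = []
    for brand, domains in BRAND_DOMAINS.items():
        if brand not in claimed:
            continue
        bad = [h for h in link_hosts(msg.get_payload())
               if not any(is_under(h, d) for d in domains)]
        if bad:
            findings.append((brand, bad))
    return findings

if __name__ == "__main__":
    print(brand_mismatch(SAMPLE))
```

The suffix check in is_under also flags lookalike hosts that merely contain a brand domain as a prefix, since only exact matches and true subdomains pass.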
LinkedIn phishing email
During Q2 of 2023 a phishing email imitating LinkedIn, a professional networking platform, was identified. The email falsely claimed to be from “LinkedIn” and had the subject line “Revise PO June – Order Sheet.”
It aimed to deceive recipients into clicking on a malicious link by disguising it as a report. The phishing link (which is no longer active) in the email led to a suspicious website located at hxxps://amazonlbb[.]ajimport[.]com[.]br/china/newcodingLinkedin/index.html.