Don’t Fall for It: Identifying Phishing Emails Impersonating Famous Brands

Nov 1, 2024

Cybercriminals understand that the simplest method to avoid detection is to impersonate a well-known and trusted brand. These huge organisations have spent years on marketing, customer service, branding, and consistency to establish a trustworthy reputation, which hackers use to target you.

The most prevalent method is the phishing attack. These crooks create URLs that closely resemble the actual company’s website. These are some of the easy switches hackers use that can slip past even an attentive eye:

  1. Swapping a zero for the letter “O” or a capital “i” for a lowercase “L.” If you’re reading an e-mail quickly, the address may appear legitimate.
  2. Adding a word that appears to be a subdomain of the genuine organisation, such as “info@googleservice.com.”
  3. Using a different domain extension, such as “info@google.io.”
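As an added illustration (not code from the original article), the sketch below sorts a sender address into the three switches listed above. The brand allowlist, the look-alike character map and the sample addresses are constructed assumptions, and the "last two labels" rule for the registered domain is a simplification.

```python
from typing import Optional, Tuple

# Constructed allowlist: brand name -> domains that brand really sends from.
BRANDS = {"google": {"google.com"}, "microsoft": {"microsoft.com"}}
# Characters that read alike in many fonts. Hostnames are case-insensitive,
# so a capital "I" standing in for "l" arrives as "i" once lower-cased.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "i": "l"})


def skeleton(label: str) -> str:
    """Collapse look-alike characters so visually similar labels compare equal."""
    return label.lower().translate(CONFUSABLES)


def classify(address: str) -> Tuple[str, Optional[str]]:
    """Return (verdict, brand) for an e-mail address or a bare hostname."""
    host = address.rsplit("@", 1)[-1].strip().lower().rstrip(".")
    labels = host.split(".")
    # Assumption: the registered domain is the last two labels. Production
    # code should consult the Public Suffix List (think "example.co.uk").
    registered = ".".join(labels[-2:])
    name = labels[-2] if len(labels) >= 2 else labels[0]
    for brand, legit in BRANDS.items():
        if registered in legit:
            return ("legitimate", brand)
    for brand in BRANDS:
        if name == brand:
            return ("different-tld", brand)   # switch 3: google.io
        if skeleton(name) == skeleton(brand):
            return ("homoglyph", brand)       # switch 1: g00gle.com
        if skeleton(brand) in skeleton(name):
            return ("added-word", brand)      # switch 2: googleservice.com
    return ("no-match", None)


# Constructed samples; the last two addresses are the ones quoted in the list.
SAMPLES = ["info@google.com", "alerts@mail.google.com", "info@g00gle.com",
           "info@googIe.com", "info@googleservice.com", "info@google.io"]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample:26} {classify(sample)}")
```

A verdict other than "legitimate" is a triage signal for a mail filter or a reviewer, not proof of fraud: substring matching will also flag harmless domains that happen to contain a brand name.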

Some crooks will go a step further and create a web page that looks just like the original website. When you click the link, whether it arrived by e-mail, SMS, or social media, several serious consequences may follow.

The first is that malware may be installed on your machine. Clicking on a malicious link might initiate an automatic malware download containing dangerous files capable of collecting personally identifying information from your device, such as usernames, credit card or bank account details, and so on.

The second is that the bogus website will include a form to collect your information. This could include login credentials, passwords, and, in some situations, card or bank account information.

The third most prevalent issue is an open redirect. The link may appear legitimate, but when you click on it, you are taken to a malicious website with the purpose of stealing your information.

What brand impersonations should you look out for? Well, all of them, but according to Check Point’s most recent Brand Phishing Report, ten organisations lead the rankings for brand phishing attempts.

Top ten most frequently impersonated brands in phishing attempts:

Here are the top ten most frequently impersonated brands in phishing attempts in the second quarter of 2023:

  1. Microsoft (29%)
  2. Google (19.5%)
  3. Apple (5.2%)
  4. Wells Fargo (4.2%)
  5. Amazon (4%)
  6. Walmart (3.9%)
  7. Roblox (3.8%)
  8. LinkedIn (3%)
  9. Home Depot (2.5%)
  10. Facebook (2.1%)

Take a minute to consider how many of the businesses on this list send you regular e-mail correspondence. Even a single one puts you at risk.

Cybercriminals go above and beyond with these schemes. They understand what messaging works best for each brand to capture your attention.

Here are three classic phishing scams used by fraudsters to obtain your personal information under the guise of these well-known businesses:

  1. Unusual Activity – These e-mails indicate that someone has gained access to your account and that you should change your password immediately. They use panic to get individuals to click without thinking, rushing to change their passwords before they become victims of the attack. They frequently feature links labeled “Review Recent Activity” or “Click Here To Change Your Password.” These e-mails can go so far as to display bogus login information such as the region, IP address, time of sign-in, and so on, much like real messages from companies do, to entice you to click.
  2. Fake Gift Cards – These e-mails claim that you have received an e-gift card. When you open the e-mail, it either directs you to a webpage to “claim your gift card” or contains a button to “redeem now.”
  3. Account Verification Required – These e-mails indicate that your account has been disconnected and ask you to verify your information. When you submit your login credentials, the hacker gains access.

These scams occur every day. You are a target, but so are the unknowing employees in your organisation. Without sufficient training, they may not know what to look for, panic, and attempt to handle these “issues” under the radar, which is what causes the problem.

There are several measures you can take to keep your network secure. One option would be to use e-mail monitoring to limit the possibility of these phishing e-mails arriving in your inbox. It’s also critical to teach staff what to look for so that even if an e-mail slips past the phishing detection system, they can still keep your organisation safe.

The best thing to do is begin with your FREE Cybersecurity Risk Assessment. We’ll assess your network and provide a detailed report on the areas where you’re vulnerable and how to remedy them. There is no commitment, but you should be aware of the potential risks. Call us today!
