These companies are the most impersonated in email phishing campaigns

Brand phishing isn’t going anywhere anytime soon

Amazon was the most impersonated brand worldwide in email phishing attacks in 2021 according to a new report from AtlasVPN.

Last year, 17.7 percent of brand phishing emails impersonated Amazon while 16.5 percent impersonated the global logistics company DHL and 12.7 percent impersonated the eSign software company DocuSign.

Further down the list, popular payment gateway provider PayPal took the fourth spot as its brand was used in 5.7 percent of brand impersonation emails, followed by the professional social network LinkedIn, whose name was abused in 3.5 percent of brand phishing campaigns. Microsoft (3%), the web hosting company 1&1 (2.5%), British telecom O2 (2.3%), social media giant Facebook (2.2%) and the banking group HSBC (1.8%) also made the list.

All of these figures come from Hornetsecurity’s Cyber Threat Report 2021/22, which examines the state of global email threats.

Spotting a brand phishing email

The reason cybercriminals choose to impersonate these and other large brands is to lower the guard of potential victims. Once a victim has been tricked into taking one of these phishing emails seriously, they are then lured into opening links to malicious websites designed to infect their devices with malware or steal their data.

While organizations can do very little to prevent cybercriminals from impersonating their brands online, consumers can protect themselves from falling victim to phishing campaigns by learning about and keeping in mind a few tell-tale signs.

As large brands have professional copywriters and editors to proofread all of the emails and other messages they send out to their customers, spelling and grammatical errors are a dead giveaway that an email isn’t official. Likewise, inconsistencies in the sender address in one of these emails can indicate that the email is not legitimate.

Cybercriminals often use email addresses that appear similar to a company’s official email address in an attempt to dupe potential victims. Suspicious URLs and attachments are also clear giveaways when it comes to phishing emails.
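
The sender-address signs described above can also be checked mechanically by a mail filter. The following Python code is an added example, not part of the original article or the Hornetsecurity report; the brand-to-domain mapping, the finding labels and the sample `From` headers are assumptions constructed for illustration.

```python
from email.utils import parseaddr

# Assumption: official sending domains for five brands the article names.
BRAND_DOMAINS = {
    "amazon": {"amazon.com"},
    "dhl": {"dhl.com"},
    "docusign": {"docusign.com", "docusign.net"},
    "paypal": {"paypal.com"},
    "linkedin": {"linkedin.com"},
}

def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def registered_domain(host):
    """Naive last-two-labels domain; production code should use the Public Suffix List."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def check_sender(from_header):
    """Return (sign, brand) findings for one From header; an empty list means no sign."""
    display, addr = parseaddr(from_header)
    host = addr.rpartition("@")[2].lower()
    domain = registered_domain(host)
    findings = []
    for brand, official in BRAND_DOMAINS.items():
        if domain in official:
            continue  # sender really is on this brand's domain
        if brand in display.lower():  # display name claims the brand
            findings.append(("display-name-mismatch", brand))
        if any(edit_distance(domain, d) <= 2 for d in official):  # near-miss spelling
            findings.append(("lookalike-domain", brand))
        if brand in host.split("."):  # brand used as a label under another domain
            findings.append(("brand-in-subdomain", brand))
    return findings

# Constructed sample headers, not taken from real messages.
SAMPLES = ["Amazon <order-update@amazon.com>", "Amazon Support <support@arnazon.com>",
           "PayPal <service@paypa1.com>", "DHL Express <noreply@dhl.com.parcel-track.example>"]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", check_sender(header))
```

A clean result here only means the sender address shows none of these three signs; the message still needs SPF, DKIM and DMARC evaluation, since the visible `From` header can be forged outright.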

Although those behind brand phishing attacks may try to instill a sense of urgency to get users to respond, requests to provide sensitive information are another red flag. This is because large businesses like Amazon would rarely if ever ask their customers to provide sensitive information over email.

Finally, if an email’s message seems too good to be true, it probably is. So avoid emails informing you that you have won the lottery or other similar-themed messages at all costs.

Brand phishing isn’t going anywhere anytime soon as it can be a very lucrative endeavor for cybercriminals, but being able to spot the signs can help protect you from these campaigns and allow you to avoid falling victim to identity theft.

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.