Cybercriminals know the easiest way to sneak under the radar is to pretend to be a brand you know and trust. These brands have spent years on marketing and customer service to build a trustworthy reputation, which is why hackers leverage them when going after your information.
The most common method cybercriminals use to impersonate these brands is phishing, where scammers set up and send URLs and e-mail addresses that look believably similar to the real company's. Below are examples of simple switches hackers will make that can go unnoticed if you’re not paying attention.
- Switching out a zero for the letter “O” or a capital “i” for a lowercase “L.” If you are quickly reading an e-mail, it might look legit.
- Adding in a word that seems like it could be a subdomain of the real company, like “info@googleservice.com.”
- Using a different domain extension, like “info@google.io.”
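The three switches listed above can be checked mechanically before a message reaches a reader. The following Python code is an added example, not part of the original article; the protected-brand list, the sample addresses and the last-two-labels shortcut for finding the registrable domain are assumptions.

```python
# Added example: classify a sender address against brands you care about.
# PROTECTED and the sample addresses are constructed for illustration.
PROTECTED = ("google.com", "microsoft.com")

# Swaps named in the article: zero for "o", capital "i" for lowercase "l".
# The digit one is treated as the same kind of swap.
CONFUSABLES = str.maketrans({"0": "o", "I": "l", "1": "l"})


def split_domain(address):
    """Return (full domain, registrable label, extension) for an address.

    Assumption: the registrable domain is the last two labels. Production
    filtering should use the Public Suffix List instead.
    """
    domain = address.rsplit("@", 1)[-1].strip().rstrip(".")
    labels = domain.split(".")
    if len(labels) < 2:
        return domain, domain, ""
    return domain, labels[-2], labels[-1]


def classify(address):
    """Return (verdict, brand): exact, lookalike, extension, embedded, unrelated."""
    domain, raw_label, raw_ext = split_domain(address)
    label, ext = raw_label.lower(), raw_ext.lower()
    if f"{label}.{ext}" in PROTECTED:
        return "exact", f"{label}.{ext}"
    # Fold look-alike characters before lowercasing so a capital "I" is caught.
    folded_label = raw_label.translate(CONFUSABLES).lower()
    folded_domain = domain.translate(CONFUSABLES).lower()
    for brand in PROTECTED:
        brand_label, brand_ext = brand.split(".")
        if folded_label == brand_label and label != brand_label:
            return "lookalike", brand   # e.g. g00gle.com
        if label == brand_label and ext != brand_ext:
            return "extension", brand   # e.g. google.io
        if brand_label in folded_domain:
            return "embedded", brand    # e.g. googleservice.com
    return "unrelated", None


if __name__ == "__main__":
    for sender in ("info@google.com", "info@g00gle.com", "info@googIe.com",
                   "info@googleservice.com", "info@google.io"):
        print(sender, "->", classify(sender))
```

An "exact" verdict only means the domain text matches a protected brand; it does not show that the message was really sent by that domain.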
A vast majority of these types of criminals will take it a step further and actually set up a web page for the URL that looks identical to the real website. When you click the link, whether it arrives via e-mail, SMS or even social media, many dangerous results can occur.
The first thing that can happen is malware being installed on your computer. By simply clicking a bad link, you can set off an automatic malware download that contains malicious files. These files have the ability to collect personally identifiable information from your device, including usernames, credit card or bank account numbers and more.
The second most common result is that the fake website will have a form to harvest your information. This could be login credentials, passwords and, in most cases, your credit card or banking information.
Another common issue is an open redirect. This occurs when the link looks legit, but clicking it redirects you to a malicious website where the intent is to steal your information.
What brand impersonations do you need to look out for?
The correct answer is all of them! However, according to Check Point’s latest Brand Phishing Report, there are 10 companies that top the chart in brand phishing attempts. Below are the top 10 most frequently impersonated brands in phishing attempts in Q2 of 2023:
- Microsoft (29%)
- Google (19.5%)
- Apple (5.2%)
- Wells Fargo (4.2%)
- Amazon (4%)
- Walmart (3.9%)
- Roblox (3.8%)
- LinkedIn (3%)
- Home Depot (2.5%)
- Facebook (2.1%)
Ask yourself how many of the companies on this list send you regular e-mails. Even just one puts you at risk. Cybercriminals will go the extra mile with these scams, and they know what types of messages work best for each company to get your attention. Below are examples of three common phishing attacks cybercriminals have used under these brands to gain access to your private information.
1. Unusual Activity.
These types of phishing e-mails will suggest that someone gained access to your account and that you need to change your password immediately. They leverage fear so people will click without thinking and rush to change their password, without realizing it’s a malicious e-mail deployed by cybercriminals.
Most of these e-mails will have a button that says, “Review Recent Activity” or “Click Here To Change Your Password.” They can even go as far as showing fake login information detailing the region, IP address, time of sign-in and more to convince you to click.
2. Fake Gift Cards.
These e-mails suggest someone sent you an e-gift card. When you open the e-mail, they will either redirect you to a website to “claim your gift card” or have a button to “redeem now.”
3. Account Verification Required.
These types of e-mails suggest your account has been disconnected and they need you to verify your information. As soon as you enter your login credentials, the hacker will have access to this information and to your account.
Phishing attacks happen every single day. You are a target and so are the unsuspecting employees in your company. Employees without proper training might not know what to look for. They may panic and try to resolve these fraudulent “issues” under the radar, which can ultimately lead to the cybercriminal gaining access to sensitive company information.
There are multiple steps you can take to help secure your network from these types of threats. First, you should set up e-mail monitoring to help reduce the likelihood of these phishing e-mails ending up in your inbox. Another important piece is to make sure employees know what to look for, and know what to do, if an e-mail does get past the phishing detection system.