Top 10 Brands Spoofed In Phishing Attacks
By: Jim Stickley and Tina Davis
April 2, 2021
The numbers don’t lie, but cybercriminals sure do. A recent report by Vade Secure shows a dramatic uptick in brand-spoofing phishing emails. Amazon alone is up over 400% in one year, taking the number eight spot among the most-targeted brands for spoofing. Phishing emails are at the heart of spoofing, and the links in those emails lead to fake websites that look like the real deal. Some of our country’s biggest and best-known companies are being used as spoof bait, and it’s working against the rest of us. Credential theft is the goal of a spoof, and once a user’s PII (Personally Identifiable Information) is stolen, it can be used against the victim for a myriad of financial and identity thefts.
Most Spoofed Brands
Microsoft is currently the most spoofed brand, up 15.5% since last year. A brand known worldwide, with many millions of people using its software, is irresistible to hackers. Another high-profile brand, currently second behind Microsoft, is PayPal. As a high-profile and trusted e-commerce company, it is a tempting target for this type of crime because of its direct link to finances. Facebook takes third place with a spoof jump of 176% since last year. A successful Facebook spoof steals contact lists, which provide a whole new group of friends to send phishing emails to. Additional Facebook information can also be accessed, which can lead to other exploitation in many ways. Other high-profile spoofed brands include Netflix, Bank of America, and Apple.
Spotting a Fake
When this type of email message is opened, it will likely carry malware attachments and will also include a link to a spoofed URL. The pages behind these bogus URLs may look exactly like a legitimate web page you would see from a retailer or your financial institution. The goal of these pages is to get users to input their PII, including passwords, account numbers, and more. But these pages are not perfect duplicates, so look for these anomalies when logging in:
Resize. A login box looks small, and a user is not likely to notice because their focus is on logging in.
Blur. Blurring the background of the login page is another way to have users focus only on logging in.
Creative. The web page has a “new graphic design” look that differs from what a user normally sees.
Retro. If the login page design looks old, ditch it. Again, a spoofer hopes a user doesn’t notice.
Sense of Urgency. A pressure tactic urges a user to give up their PII quickly.