Phishing is a common tactic used by cyber criminals because it can be very lucrative but doesn’t require as much technical hacking know-how as other types of cyber attacks. Hackers often bank on you recognizing a brand name and being one of the many people who have an account with that company. With this in mind, they try to convince you that the phishing email is legitimate, often claiming that you’ve been locked out of your account, that a payment didn’t go through, that you need to update your information, or anything else that could get you to click on a link and enter your username and password, payment information, or other personal information. Then they can either use the information themselves or sell it to other cyber criminals. Let’s take a look at which brands are most often impersonated in phishing emails and why.
According to VadeSecure, the 10 Most Popular Brands for Phishers to Impersonate are:
- Bank of America
- Credit Agricole
Microsoft has remained at the top of the list for four quarters in a row. Why are Microsoft credentials so popular? Well, if someone gains access to your Office 365 account, they also gain access to your coworkers, your clients, your vendors, and anyone else you communicate with via email. They can pose as you, waiting for an opportune moment to target someone in your organization capable of completing wire transfers and make off with your organization's money. They could send ransomware (posing as a harmless link or invoice) to everyone in your contacts. Not to mention that with your Office 365 credentials, cyber criminals can access all the data and documents you have stored in your Microsoft suite (SharePoint, OneDrive, etc.).
PayPal has also been one of the most targeted brands by phishers. The reason for this one is more obvious, as PayPal is the most widely used online payment service in the world. There are also more than 250 million active users to target and steal money from.
When it comes to Netflix, most phishing emails will try to steal payment info by stating that your monthly payment was declined. VadeSecure also found that “many Netflix phishing emails contain as many as six or seven legitimate Netflix links (in addition to one malicious link). This technique is aimed at fooling both reputation-based email filters and users, who check one or two links and then assume that the email is legitimate.”
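The following Python example, added here and not part of the original article or VadeSecure's report, checks every link in an HTML email body against the domains the brand is assumed to use, so a single off-brand link is flagged even when it sits among legitimate ones. The `BRAND_DOMAINS` set, the function names and the sample email are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: the domains the real brand uses in its emails.
BRAND_DOMAINS = {"netflix.com"}

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def belongs_to_brand(url, brand_domains=BRAND_DOMAINS):
    """True only when the host is a brand domain or a subdomain of one."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in brand_domains)

def off_brand_links(html_body, brand_domains=BRAND_DOMAINS):
    """Check every link, not a sample, and return the ones off the brand."""
    parser = LinkCollector()
    parser.feed(html_body)
    return [(h, t) for h, t in parser.links if not belongs_to_brand(h, brand_domains)]

# Constructed sample: six brand links plus one look-alike (example.net is reserved).
SAMPLE_EMAIL = """<p>Your monthly payment was declined.</p>
<a href="https://www.netflix.com/">Netflix</a>
<a href="https://help.netflix.com/">Help Center</a>
<a href="https://www.netflix.com/account">Account</a>
<a href="https://netflix.com.billing.example.net/update">Update payment</a>
<a href="https://www.netflix.com/privacy">Privacy</a>
<a href="https://www.netflix.com/terms">Terms of Use</a>
<a href="https://www.netflix.com/notifications">Notifications</a>"""

if __name__ == "__main__":
    for href, text in off_brand_links(SAMPLE_EMAIL):
        print(f"off-brand link: {text!r} -> {href}")
```

The look-alike host starts with `netflix.com` but its registrable domain is `example.net`, which is why the comparison is made on the end of the hostname rather than on a substring match.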
When email filters and antivirus scans fail, the best way to avoid falling prey to phishing scams is by knowing how to identify them and thinking before clicking. This is why we offer Staff Cyber Security Training. Not only does it teach your staff what to look out for, but it also lets them put their skills to the test through phishing simulations. For more information on Cyber Security Training and what it can do for your business, contact us today!