Meta, PayPal, Microsoft most impersonated brands in phishing attempts, shows study

Meta, PayPal and Microsoft are among brands that are most impersonated by hackers running phishing scams. According to a report by security firm Cloudflare, hackers create malicious domain names that seem like they belong to these well-known brands, but will actually steal user data. Firms like Adobe, Amazon, Apple, eBay, Instagram and Netflix are also among key targets for hackers. They use emails designed to impersonate brand emails and direct users to the malicious domains.Phishing refers to an attempt to steal sensitive information like usernames, passwords, credit card numbers, bank and crypto account information, or other important data in order to utilise or sell the stolen information. It is becoming one of the biggest concerns for individuals and businesses across the world. 

“Phishing attacks prey on our trust in the brands we love and use every day, and are becoming more difficult to spot for even the most digitally-savvy person. Our sanity, bank accounts, and passwords shouldn't be compromised because we glossed over a misspelled 'from' field or accidentally clicked on an obscure URL,” said Matthew Prince, co-founder and CEO at Cloudflare. 

Other technology companies in the list include Verizon, Adobe, Amazon, Apple, eBay, Instagram and WhatsApp, Rakuten, Netflix, LinkedIn and Alphabet. 

The study also found that finance, technology, and telecom brands were the most commonly impersonated industries, notably for the unprecedented access and financial benefit that bank accounts, email and social media, and phone companies can give attackers.  

Technology and telecom companies are a unique threat because phishing attacks can intercept the emails and text messages that are used to verify a user’s identity via two-factor authentication. Therefore, these phishing attempts can lead to other accounts being compromised as well, said the report. 

To be sure, other research reports have also observed phishing attacks are on the rise in recent years. Researchers at cybersecurity firm Acronis in a report published on December 2022 observed that threats from phishing and malicious emails have increased by 60% in the last four months of the year.  

Further, IBM's 2022 Cost of Data Breach Report published on July 28, by IBM Security found that the average cost of data breaches rose from $4.24 million in 2021 to $4.35 million in 2022. The biggest category of phishing is targeted towards users of webmail and software as a service (SaaS). The report also said that around 65% of cybercriminals have leveraged spear phishing emails as their primary attack vector.