Microsoft, Google, Apple most imitated brands for phishing scams: Report

Global technology companies — Microsoft, Google and Apple — are leading the way to become the most imitated brand for phishing scams in Q2-2023, according to a report by cybersecurity firm Check Point’s research arm Check Point Research.

In a brand phishing attack, cyber criminals try to imitate the official website of a well-known brand by using a similar domain name or URL and a web-page design that resembles the genuine site. These attacks can be delivered through emails, text messages, or fraudulent mobile applications. The fake website often contains a form intended to steal users’ credentials, payment details or other personal information.

During the April-June quarter, Microsoft, the global technology giant, claimed the top spot with a staggering 29% of all brand phishing attempts during Q2. The tech firm previously held the third position in the first quarter of the year.

Google secured the second position, accounting for 19.5% of brand phishing attempts. Meanwhile, Apple made its debut on the list, featuring in 5.2% of phishing events during the last quarter. The technology sector itself was the most impersonated industry, followed closely by banking and social media networks. For example, American banking organisation Wells Fargo took fourth place this quarter due to a series of malicious emails requesting account information. Other notable brands impersonated in phishing attempts include Amazon, Walmart, Roblox, LinkedIn, Home Depot, and Facebook.

This doesn’t come as a surprise in the cyber world. Microsoft for example, has made to Checkpoint’s and several other researcher’s list for the past several years now as one of the most imitated brand for phishing. A report released by Checkpoint researchers in 2020 found that the prevalence of malicious MS Office documents accounted for 43% of all malware downloads that year. During the third quarter of that year, approximately 38% of all downloadable malware was discovered concealed within Microsoft Office documents, the researchers said.

To be sure, a research report published on 13 July by cybersecurity firm Vade showed phishing volumes increased by more than 54% in H1 2023. The researchers noted, while Facebook was leading in terms of being the most imitated brand for phishing scams in Q12023, Microsoft overtook the social media giant in the second quarter after experiencing a 22% quarter-over-quarter increase in spoofing attempts.

The researcher firms believe, in the second quarter of 2023, a phishing campaign targeted Microsoft account holders by sending fraudulent messages regarding unusual sign-in activity.

Another report published in May 2023 by cyber security firm Barracuda said that 50% of organisations the company surveyed were victims of spear phishing attacks in the last twelve months. The report also found that, on average, organisations receive five “highly personalised spear phishing emails per day.”
Jeff Abbott, chief executive officer at IT software firm, Ivanti, said, in an interview with Tech Circle published on 12 April that with the rise of phishing attacks and other cybersecurity attacks, the first important step is to have a strong sense and practice of cyber hygiene.

“That includes best practices like installing antivirus and malware software and scanning for viruses, patch management to fix software vulnerabilities and also using firewalls to stop unauthorised users from getting information. It’s important to update apps, web browsers, and operating systems on all devices regularly. In that sense, it is important that every company follows a proactive and not a reactive approach to security,” said Abbott.