Check Point Research’s latest Brand Phishing Report reveals retail was the most impersonated industry last quarter, with Walmart topping the list and Home Depot making it into the top ten
Our latest Brand Phishing Report for Q3 2023 highlights the brands that were most frequently imitated by cybercriminals in their attempts to steal individuals’ personal information or payment credentials during July, August and September 2023.
Last quarter, American multinational retail corporation Walmart emerged as the most imitated brand used in phishing attacks, accounting for 39% of all phishing attempts. This marks a significant jump from sixth place in the previous quarter. Tech giant Microsoft came in second with 14%, while multinational financial services company Wells Fargo ranked third with 8% of such attempts.
Notably, Mastercard, the second-largest payment-processing corporation worldwide, entered the top 10 list for the first time, ranking in 9th place. The number of phishing campaigns associated with Amazon imitations also remained high, which coincided with the company’s announcement of the 2023 Fall Prime Day sale, known as Prime Big Deal Days, scheduled for the second week of October.
In a brand phishing attack, criminals try to imitate the official website of a well-known brand by using a similar domain name or URL and a web-page design that resembles the genuine site. The link to the fake website can be sent to targeted individuals by email or text message, a user can be redirected during web browsing, or it may be triggered from a fraudulent mobile application. The fake website often contains a form intended to steal users’ credentials, payment details or other personal information.
Top Phishing Brands
Below are the top 10 brands ranked by their overall appearance in brand phishing events during Q3 2023:
- Walmart (39%)
- Microsoft (14%)
- Wells Fargo (8%)
- Google (4%)
- Amazon (4%)
- Apple (2%)
- Home Depot (2%)
- LinkedIn (2%)
- Mastercard (1%)
- Netflix (1%)
Amazon Phishing Email – Fake Order Confirmation Scam
This deceptive email, impersonating the Amazon brand, claimed to confirm an order and urged recipients to click an order number link. Its subject line, “Your Order with Amazon.com”, was designed to create urgency, and the email featured a malicious link, it\.support\.swift-ness.com (currently inactive), which is not associated with Amazon. It asked recipients to check the order status or make changes, and displayed order details for credibility.
LinkedIn Phishing Email – False Business Messages Scam
In August 2023, a phishing email impersonating LinkedIn was identified. It was sent from the address “giacomini@napa\.fr” and claimed to be from “LinkedIn”.
The email’s subject line was “You have 8 new business messages from ___” (Figure 1), and it contained a brief message informing recipients of 8 new business messages from the same person, who claimed to be a Sales Manager.
The fraudulent message aimed to deceive recipients into believing they had unread messages on the LinkedIn platform and that, to read them, they needed to click on the malicious link online\.cornection1\.shop (Figure 2). The link led to a fake Microsoft login page designed to steal the user’s credentials.
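Both lures above claim one brand while the sender address and link host belong to unrelated domains. The following is an added example, not Check Point's engine or code from the report, showing how a mail filter could flag that mismatch. The allow-list of brand domains, the function names and the tuple layout are assumptions; the indicators are the ones quoted in the report, kept defanged until parsed.

```python
import re
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumed allow-list for illustration: domains each brand legitimately uses.
BRAND_DOMAINS = {"amazon": {"amazon.com"}, "linkedin": {"linkedin.com"}}

# Indicators as written (defanged) in the report; the tuple layout is constructed.
LINKEDIN_LURE = (r"LinkedIn <giacomini@napa\.fr>",
                 "You have 8 new business messages from ___",
                 [r"online\.cornection1\.shop"])
AMAZON_LURE = ("", "Your Order with Amazon.com", [r"it\.support\.swift-ness.com"])

def refang(text):
    """Undo the backslash-escaped dots used to defang indicators."""
    return text.replace("\\.", ".")

def under(host, domains):
    """True only if host is an allowed domain or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def claimed_brand(display_name, subject):
    """Brand the message presents itself as, from display name and subject."""
    text = f"{display_name} {subject}".lower()
    return next((b for b in BRAND_DOMAINS if re.search(rf"\b{b}\b", text)), None)

def brand_spoof_findings(from_header, subject, links):
    """List mismatches between the claimed brand and the real sender/link hosts."""
    name, addr = parseaddr(refang(from_header))
    brand = claimed_brand(name, subject)
    if brand is None:
        return []
    allowed, findings = BRAND_DOMAINS[brand], []
    sender_domain = addr.rpartition("@")[2].lower()
    if sender_domain and not under(sender_domain, allowed):
        findings.append(f"sender domain {sender_domain} is outside {brand} domains")
    for link in map(refang, links):
        host = urlsplit(link if "//" in link else "//" + link).hostname or ""
        if not under(host, allowed):
            findings.append(f"link host {host} is outside {brand} domains")
    return findings

if __name__ == "__main__":
    for lure in (LINKEDIN_LURE, AMAZON_LURE):
        print(brand_spoof_findings(*lure))
```

The suffix match in `under` requires a leading dot, so a host that merely embeds the brand's domain as a prefix or substring is still flagged.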
AI-powered Brand Spoofing Prevention
Expanding our zero-phishing offering, we are introducing our innovative AI-powered engine to prevent local and global brand impersonation employed in phishing attacks, collaboratively protecting across networks, emails, mobile devices, and endpoints.
The newly developed engine blocks links and browsing associated with local and global brands that have been impersonated and exploited as bait to deceive victims in phishing attacks, spanning multiple languages and countries.