Microsoft Tops the 10 Most-Phished List, But Three Big Payment Brands Also Appear

Phishers trying to manipulate recipients of their ill-intended emails overwhelmingly target Microsoft Corp., according to the Brand Phishing Report for Q2 2021 from Check Point Software Technologies Ltd. Payment brands Chase, Apple Inc., and PayPal Holdings Inc. round out the report’s top 10 list for the quarter.

The results show the computing giant appearing in 45% of all brand phishing attempts in the second quarter, dwarfing brands like Amazon (11%), Google (3%), Apple (1%), and PayPal (0.5%).

Phishing emails look authentic, but contain links that, if clicked, are designed to capture legitimate data. One example may have a “Your Subscription Has Expired” subject line and appear to come from Microsoft, but the link in the email goes to a fake Microsoft login page.

In a brand phishing attack, criminals try to impersonate the official Web site of a well-known brand by using a similar domain name or URL, as well as a design that mimics the genuine site, Check Point says. The scheme follows several paths to hook unsuspecting consumers. The link to the fake Web site can be sent to targeted individuals by email or text message, or a user can be redirected during Web browsing. Or the fake site may be triggered from a fraudulent mobile application.

“Cybercriminals are continually increasing their attempts to steal people’s personal data by impersonating leading brands. In fact, in the run-up to Amazon Prime Day in [the second quarter], more than 2,300 new domains were registered about Amazon,” Omer Dembinsky, data research group manager at Check Point Software, said in a statement. “Unfortunately, it’s the human element that often fails to pick up on misspelled domains or suspicious texts and emails, and as such, cybercriminals continue to impersonate trusted brands to dupe people into giving up their personal information.”