In this post, we will show how hackers impersonate big brands and scam people.
When you receive an email saying that it is from a company that you do business with, it features the company’s logo, and it appears professional, you may trust it, especially if it comes from a reputable business. Unfortunately, hackers know this and piggyback on reputable brands to try to accomplish their nefarious objectives. Here is what you need to know about impersonation and phishing – and how to protect yourself.
Wondering how hackers impersonate big brands? Phishing is the most common way for criminals to gain entry into networks. This is because it is one of the easiest and cheapest cybercrimes to commit. If successful, the criminal can potentially gain valuable information from their targets. Scammers use phishing to try to obtain the following from people and businesses:
- Money and other monetary benefits
- Login credentials
- Financial data
Most phishing attacks are carried out over email, but some occur on social media or other platforms. In a typical phishing scam, the criminal tries to get the victim to take a certain action, such as providing login information for their account, updating their account, or making a payment. The victims may be asked to click on a link, download an attachment with malware, or respond directly with the information.
The Brands That Hackers Impersonate
Statistics on identity theft indicate that hackers like to impersonate reputable companies. The more trustworthy the impersonated business, the more likely its customers may be to give the scammers what they want. Additionally, the statistics on identity theft clearly show that identity theft is on the rise, yet there is still not a very clear solution to it nor enough coverage about this issue.
According to a Vade Secure analysis on recent phishing attacks, the most popular brands hackers are impersonating include:
- Microsoft – Microsoft remains the biggest brand that hackers use in their phishing attacks. There are 15.5% more URLs in emails claiming to come from Microsoft in a year-over-year comparison. Microsoft is appealing to hackers who may use Office 365 accounts to view and steal restricted files in larger-scale attacks or to use a legitimate address to gain access to other accounts.
- Netflix – Netflix’s recent price adjustment gave hackers a new opportunity to spoof customers.
- PayPal – PayPal is the most widely used online payment service across the globe and is a trusted brand, two characteristics that make it particularly attractive to hackers.
- Bank of America – Banks are often an attractive target to hackers because of the quick financial payoff.
- Chase – 9 out of 25 of the brands in the full report come from the financial industry, including Chase.
- DHL – This global logistics firm saw a 24.5% increase in phishing attacks.
- Facebook – Fake URLs listing Facebook as their source increased by 176% in a single year. Hackers who get login credentials from Facebook could obtain additional information that may be used in other types of attacks.
- DocuSign – Electronic document service company DocuSign made the top ten list. Gaining access to this account could allow hackers access to important financial documents and data.
- LinkedIn – LinkedIn experienced an increase of 15.8% in phishing attacks.
- Dropbox – Document storage company Dropbox rounded out the list in tenth position.
Other reputable companies also find themselves targets for these phishing campaigns. For example, Amazon experienced an increase of more than 400% in phishing emails citing the conglomerate. Google brand sites made up 4% of spear-phishing attacks in 2020, according to Barracuda researchers. Apple also experienced a significant number of attacks. Not only that, but many big corporations also suffer from data breaches themselves, the most famous of them being Amazon’s data breach. Hence, this should not be taken lightly.
How To Spot A Phishing Scam
Some signs that you are receiving a phishing message include:
- Denied access – Many phishing scams purport to tell you that you will not be able to access your account if you do not update your account. Others may say that fraudulent activity was detected on your account and may urge you to provide new login credentials.
- Mismatched email address or URL – The sender’s email address or the URL where you are redirected may be slightly different than the one you have received from the company before.
- Poor spelling or grammar – The message may contain spelling or grammar errors since many of these attacks are carried out by people who speak different languages.
- Urgency in the content – Hackers may try to bypass your better judgment by claiming that you have to take action NOW.
- Too good to be true messaging – If you receive a message congratulating you for winning a prize or lottery, you should be very hesitant.
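The "mismatched email address or URL" and "urgency" signs above can be checked automatically. The following is an added example, not part of the original post: it flags a message that names a brand while its sender or links point elsewhere. The brand-to-domain allow-list, the function names and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Illustrative allow-list (assumption): a few brands from the list above,
# mapped to domains they legitimately use. Extend and verify before real use.
BRAND_DOMAINS = {
    "microsoft": {"microsoft.com"},
    "paypal": {"paypal.com"},
    "docusign": {"docusign.com", "docusign.net"},
}
URGENCY = re.compile(r"\b(now|immediately|urgent|suspended)\b", re.I)
URL_RE = re.compile(r"https?://[^\s\"'<>]+")

# Constructed sample messages (not real mail); .example is a reserved TLD.
SAMPLE_PHISH = """From: "PayPal Support" <service@paypal.com.account-verify.example>
Subject: Your account access is limited

Update your account NOW or you will lose access:
http://paypal.com.account-verify.example/login
"""
SAMPLE_OK = """From: "PayPal" <service@paypal.com>
Subject: Receipt for your payment

View your receipt at https://www.paypal.com/activity
"""

def domain_ok(host, allowed):
    # Exact match or true subdomain only; "paypal.com.evil.example" fails.
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in allowed)

def check_message(raw):
    """Return findings for one raw, non-multipart message."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    body = msg.get_payload()
    claimed = f"{display} {msg.get('Subject', '')}".lower()
    hosts = [("sender", addr.rpartition("@")[2])]
    hosts += [("url", urlparse(u).hostname) for u in URL_RE.findall(body)]
    findings = []
    for brand, allowed in BRAND_DOMAINS.items():
        if brand in claimed:
            findings += [f"{kind}-mismatch:{brand}:{h}"
                         for kind, h in hosts if not domain_ok(h, allowed)]
    if URGENCY.search(body):
        findings.append("urgency-language")
    return findings
```

The suffix comparison in `domain_ok` is the important part: a host that merely starts with or contains the brand's domain is still treated as a mismatch.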
How To Protect Yourself From Phishing
The FTC recommends taking the following steps to protect yourself from phishing scams:
- Install and regularly update security software
- Set up your mobile phone to update automatically since many attacks target mobile devices
- Use multi-factor authentication to protect your accounts
- Back up your data regularly
If you run a business, you will want to take extra precautions to safeguard your corporate accounts and customer data, including:
- Providing ongoing training to your workers to spot and avoid phishing attacks
- Disabling macros from being run on your business computers
- Restricting access to confidential information to only those workers who need it
What To Do If You’ve Been Catfished?
If you think you were a victim of this type of attack and may have given out your personal information, go to IdentityTheft.gov and follow the steps. Also, update your computer’s security software in case you accidentally downloaded malware.
In this post, we’ve shown you how hackers impersonate big brands and scam people.
Even if you trust a company, you may not be able to trust an email or other message. Following the tips above can help you outsmart hackers and protect your personal information.
Note: David Lukić is an information privacy, security, and compliance consultant at idstrong.com. The passion to make cybersecurity accessible and interesting has led David to share all the knowledge he has.