2020’s Top 10 Phishing Brands

• March 4th, 2021
Data Privacy, Data Protection, Online Privacy, Phishing Protection

With 2020 behind us, it is now possible to take a look back and analyze the different cybercrime trends that took place in order to be more prepared in 2021. One of the most popular form of cyberattacks is phishing, and as it usually comes in the form of emails from well-known brands, they can often be deceiving.

Let’s take a look at the top 10 phishing brands of 2020, according to Check Point’s research, so that we can be wary when we get an email from them:

1. Microsoft (related to 43% of all brand phishing attempts globally)
2. DHL (18%)
3. LinkedIn (6%)
4. Amazon (5%)
5. Rakuten (4%)
6. IKEA (3%)
7. Google (2%)
8. Paypal (2%)
9. Chase (2%)
10. Yahoo (1%)

Other notable brands in phishing attempts in 2020 included WhatsApp, Facebook, and Netflix.

Top industry sectors for brand phishing

1. Technology
2. Shipping
3. Retail

Case study 1: DHL

In November 2020, researchers from Check Point noticed a malicious phishing email that used DHL’s branding, and was trying to steal users’ passwords. The email was sent from the spoofed email address [email protected] and had the subject “RE: Your DHL parcel (Available for pick up) – [<recipient email>]” with the user’s email address listed. It aimed to lure the recipient to click on a malicious link that redirects the recipient to a fraudulent login page that encourages them to insert their password and then be sent to the fake site: (https://ipostagepay[.]ru/[.]mm0/).

Case study 2: Microsoft Phishing Email

Around mid-year, Check Point observed a malicious phishing email aiming to steal Microsoft Office 365 account users’ credentials. The email below contains the subject “Doc(s) Daily delivery #- <ID Number>” and the content impersonated eFax service.

• 

After the users click on the link, they are taken to another document (see below)

It then redirects them to a fraudulent Microsoft login page (see below).

Branded email safety checklist:

1. Do you know email address of the sender when you click it?
2. Is the sender urging you out to take immediate action?
3. Do you notice any spelling or grammar issues?
4. Do the logo, font, and other features in the email appear strange?
5. Does the email say you’ve won a contest or the lottery you haven’t entered?
6. Is the email asking for a donation?

Steps to take to protect yourself from phishing emails:

1. Contact the real company directly
2. Don’t open any email attachments – they can contain malware!
3. Get ZoneAlarm Extreme Security – It includes all you need to protect your PC and mobile device from cyberattacks (Android & iOS) using enterprise-grade technology by Check Point. Its anti-phishing feature prevents you from inserting your credentials while it checks if the potentially dangerous website or email opened is safe or not. Only after it is deemed safe, you can go ahead and insert your credentials.