
Back on the Beaten Path – Phishers Return to Impersonating Famous Brands as COVID Ends, Bitdefender Reveals

Filip TRUȚĂ

November 18, 2022


Phishing remains a leading attack vector in social engineering scams targeting consumers worldwide. With the hype around COVID drawing to a close in 2022, scammers are less focused on impersonating pharma and .gov entities. Instead, they’re back on the beaten path, returning to tried-and-tested avenues, spoofing major brands and industries that consumers use every day.

In the six months from May to October this year, data from Bitdefender’s Antispam Lab reveals that threat actors have rejuvenated their spam and phishing campaigns, impersonating dozens of international brands. Here, we cut the list to a manageable top 15:

Credit: Bitdefender

Amazon & DHL

Likely the most consistently phished brands over the years, Amazon and DHL took the top two spots across the six-month period. Overall, Amazon-themed scams took the top spot, with a 43.79% share. DHL campaigns made second place, with 23.11%.

In May, a quarter of all phishing campaigns caught in Bitdefender’s global net were DHL-themed, with scammers spoofing the German company’s logistics, courier, package delivery and express mail services.


Amazon’s e-commerce, cloud computing, online advertising and digital streaming services were impersonated 27% of the time. Between the two of them, DHL and Amazon accounted for more than half of all phishing attacks targeting consumers in May.

While DHL followed a similar path throughout the six months, Amazon-themed campaigns nearly doubled from June to October, peaking in October with a 56.8% share.


Tech companies

Scammers are back to pumping resources into spoofing the products and services of household tech companies – especially their support platforms – using spray and pray techniques to get consumers to divulge their personal data, passwords and even financial information.

As a standalone brand name, Microsoft comes third overall on our list, with a 13% share. The figure is higher if we factor in the 2.2% additional scams impersonating the Microsoft-owned collaborative platform SharePoint – often through business email compromise (BEC) attacks.


Internet behemoth Google sits in the seventh position on our list, with a rather small 1.3% share. Google-themed scams spoof the web giant’s vast array of services, most often seen by our engines as targeted attacks impersonating Gmail, Google Drive and YouTube. Spam campaigns leveraging Google as a brand often use actual Gmail addresses to avoid detection by security solutions, often delivering tainted Google Docs and redirecting links.
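Because a message sent from a real Gmail address comes from a legitimate mail domain, a filter has to compare the brand claimed in the display name with the domain that actually sent the message. The sketch below is an added example, not Bitdefender's detection logic; the brand-to-domain allow-list, the freemail list and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed allow-list: brand keyword -> domains it legitimately sends from.
BRAND_DOMAINS = {
    "amazon": {"amazon.com"}, "dhl": {"dhl.com"}, "netflix": {"netflix.com"},
    "microsoft": {"microsoft.com"}, "google": {"google.com"},
    "apple": {"apple.com"}, "paypal": {"paypal.com"},
}
FREEMAIL = {"gmail.com", "outlook.com", "yahoo.com"}

def in_domain(domain, allowed):
    """True if domain equals, or is a subdomain of, an allowed domain."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def check_sender(raw_message):
    """Return (brand, sender_domain, kind) for each brand named in the
    From display name whose address is outside that brand's domains."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    words = set(re.findall(r"[a-z]+", display.lower()))
    findings = []
    for brand, allowed in sorted(BRAND_DOMAINS.items()):
        if brand in words and not in_domain(domain, allowed):
            kind = "freemail" if domain in FREEMAIL else "unrelated-domain"
            findings.append((brand, domain, kind))
    return findings

# Constructed sample messages (not real traffic).
SAMPLES = {
    "gmail_support": 'From: "Google Support" <helpdesk.team4821@gmail.com>\n'
                     "Subject: Unusual sign-in\n\nOpen the shared document.",
    "dhl_lookalike": 'From: "DHL Express" <notify@parcel-tracking.example>\n'
                     "Subject: Delivery pending\n\nConfirm your address.",
    "netflix_real": 'From: "Netflix" <info@mailer.netflix.com>\n'
                    "Subject: New sign-in\n\nA new device signed in.",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, check_sender(raw))
```

The check matches whole words in the display name and requires an exact domain or true subdomain, so a lookalike such as `evilnetflix.com` does not pass as `netflix.com`.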

Apple impersonation takes the 10th spot on our list. While 0.7% is not a huge share, the figure corresponds to a plurality of daily phishing attacks targeting Apple users with scary messages claiming to come from Apple Support, fake iCloud receipts, or fake deals advertising Apple gear. The numbers are likely much higher, considering that not everyone has a security solution installed to detect and log these attacks. In fact, many people don’t even use one.

Once the go-to brand impersonated to deliver fake, malware-laced Flash downloads, Adobe is now a mere blip on the radar. Yet scammers still leverage its legacy to target unsuspecting victims.

Emails purporting to come from Adobe often encourage the victim to interact with the tainted contents of the message, whether it’s a link to a spoofed Adobe site designed to harvest the user’s data, an infected file download or an Adobe eSign request.

Adobe-themed scams make up a relatively small 0.38% of all email-borne scams tracked over the six months.

Considering Facebook’s influential presence on the web, the platform’s impersonation rate is surprisingly small – at least compared to other brands – amassing just 0.17%. But in that apparently diminutive window of opportunity, attacks unfold daily, either impersonating Facebook itself with fake support messages like “your account has been compromised,” or riding on Facebook-centric features, like login-with-Facebook.

Video streaming

Streaming giant Netflix takes fourth spot, with 7.6% of scams over the six months impersonating its brand. Attackers spoofing Netflix do exactly what you’d expect – they seek the target’s username and password.


Banks and financial services

Banking and financial services are among the most besieged areas when it comes to brand impersonation, and it’s no surprise that our top list features not one, but six players in this sector: Standard Bank (4.29%), Bank of America (1.01%), Wells Fargo (0.88%), PayPal (0.58%), Western Union (0.22%) and HSBC Bank (0.15%). Between the six of them, banking as a sector accounts for 7.13% of phishing attacks targeting people’s card data or login credentials, or going straight for their wallet with urgent wording and fake dues.


Bitdefender recommends users deploy a trusted security solution on their computers and phones to filter out scams from legit communications with the brands they do business with. Bitdefender home solutions cover both desktop and mobile devices and protect users against phishing, malware and digital identity theft. Learn more at: https://www.bitdefender.com/solutions/.
