According to a report by cybersecurity firm Check Point, Microsoft is the most imitated brand in approximately 29 percent of all phishing scams globally, but at a lesser rate, down from 45 percent in the second quarter of 2021.
Phishing is one of the simplest forms of cyberattack for criminals to carry out. It is one of the simple scams for victims to fall for. It’s also one that can supply hackers with everything they need to break into their targets’ personal and business accounts.
A basic phishing attack aims to deceive the victim into doing what the hacker wants. It is typically carried out by email. However, the scam has moved beyond emails to phone calls, social media, messaging systems, and apps. Let’s dig into the details.
What Really Happened?
Cybersecurity experts from Check Point Research examined phishing emails received during the third quarter of 2021. They discovered that WhatsApp, LinkedIn, and Facebook hit the top 10 most impersonated organizations list for the first time this year.
The top spot on this infamous list has remained unchanged. Microsoft was impersonated in over a third of all phishing efforts (29 percent). But DHL has lost the number two spot to Amazon, which now accounts for 13 percent.
The increasing popularity of social media among attackers underlines that cybercriminals are targeting those working remotely as a result of the pandemic.
In a press announcement, Check Point Software’s Data Research Group Manager stated that malicious hackers aim to innovate their attempts to steal people’s data. They do it by impersonating global corporations.
According to the report, a brand phishing attack occurs when cybercriminals attempt to impersonate the company portal of a well-known company by using a similar domain name or URL and web-page design to the original site. The link to the phishing website can be delivered to individuals by email or text message. A user can redirect while browsing the web or by a malicious mobile application.
The fake website frequently includes a form designed to steal individuals’ passwords, payment information, or other sensitive data. Users should be cautious of emails or other communications that look to be from social media platforms such as Facebook or WhatsApp.
Prevention from future phishing attacks?
Training may appear to be a simple concept, but it is effective. Teaching employees what to look for in a phishing email can go a long way toward defending your organization against unwanted assaults.
Exercises allow employees to make mistakes – and, more importantly, learn from them – in a safe atmosphere. On a technical level, preventing macros from being launched on PCs in your network can help safeguard employees against assaults. Macros aren’t meant to be malevolent. Rather than that, they allow users to execute repeated activities by using keyboard shortcuts.
Multi-factor authentication also provides a significant barrier against phishing assaults since it needs cyber thieves to go through an extra step to carry out a successful attack. According to Microsoft, multi-factor authentication prevents 99.9% of attempted account hacks.
Rogue Logics provides in-depth security services for the assessment and protection of your application, data, and infrastructure against potential threats on-prem or in the cloud.
Want a consultation with the professionals at Rogue Logics, contact us and get a free quote.