NetworkTigers takes a look at phishing and brands.
With the FBI recently labeling phishing as the most common form of cybercrime and the FCC warning that SMS phishing campaigns have been rising precipitously, it’s clear that scammers are getting bolder, better and more sophisticated at creating convincing fraudulent campaigns.
What is phishing?
Phishing refers to cyber scams that attempt to gain a victim’s trust via impersonation.
Scammers' efforts can be as impersonal and automated as a campaign that blasts out a huge volume of emails in the hope of fooling any unsuspecting recipient, or as personal as someone pretending to be romantically interested in a victim only to ask for money.
Spear phishing is when a criminal deliberately targets a specific individual whom they deem to be a financially lucrative target or in possession of credentials or other data that can be used or sold.
These campaigns use social engineering and clever manipulation to get employees to turn over sensitive company information by posing as a colleague or superior.
How do phishers phish?
Phishing is a broad term that can be used to describe a wide range of scam campaigns. Generally, phishing attacks rely on email, messaging apps or text messages to communicate with their victims.
Scammers accumulate large numbers of email addresses or phone numbers by scraping Google, social media sites or dark web sources with tools that aggregate the contact information they are after.
This information is then used to create and send out thousands of emails or SMS messages that look as though they originate from PayPal, a legitimate financial institution or other trusted source. In some cases, these fake messages are almost indistinguishable from the real thing.
These messages usually try to manipulate a victim into clicking a link by suggesting that their password was changed or that a purchase was made without their knowledge. The link either delivers malicious code or sends the victim to a website that asks them to enter their login credentials, which are then stolen and used to break into their account.
These kinds of campaigns are favored by scammers because they cost almost nothing to execute, require very little work and, due to the sheer volume of emails or messages sent, yield consistent returns.
Data pulled from social media sites may also include addresses, names and other information that can be used to create more convincing messages.
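The messages described above share a few mechanical tells that a defender can check automatically: a display name that claims a brand while the sender address belongs to an unrelated domain, visible link text that shows the brand's site while the underlying href points elsewhere, and the brand's name embedded in a host that is not the brand's real domain. The script below is an added example, not code from the NetworkTigers article; the brand-to-domain table is an illustrative assumption, the two messages are constructed for the demo, and the `.example` hosts are placeholders.

```python
"""Added example: flag brand-impersonation signals in a raw email message.
The brand table, sample messages and .example hosts are constructed for the
demo and are not from the original article."""
import email
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed brand -> legitimate registrable domains (illustrative, not exhaustive).
BRAND_DOMAINS = {
    "paypal": {"paypal.com"},
    "microsoft": {"microsoft.com", "office.com", "live.com"},
    "facebook": {"facebook.com", "fb.com"},
    "whatsapp": {"whatsapp.com"},
}


def registrable(host):
    """Naive registrable domain: the last two labels (fine for this demo;
    a real tool should consult the Public Suffix List)."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs from <a> tags in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def claimed_brands(text):
    """Brand names that appear in a header value or host name."""
    low = text.lower()
    return {b for b in BRAND_DOMAINS if b in low}


def analyze(raw):
    """Return a list of human-readable findings for one raw RFC 5322 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    display, addr = parseaddr(msg.get("From", ""))
    sender_dom = registrable(addr.split("@")[-1]) if "@" in addr else ""
    # 1. Display name claims a brand, but the sender domain is not that brand's.
    for brand in claimed_brands(display):
        if sender_dom not in BRAND_DOMAINS[brand]:
            findings.append(f"display name claims {brand} but sender domain is {sender_dom}")
    body = msg.get_body(preferencelist=("html", "plain"))
    html = body.get_content() if body else ""
    parser = LinkExtractor()
    parser.feed(html)
    for href, text in parser.links:
        host = urlparse(href).hostname or ""
        href_dom = registrable(host)
        # 2. Visible link text shows one site while the href goes to another.
        if text.startswith(("http://", "https://")):
            text_dom = registrable(urlparse(text).hostname or "")
            if text_dom and text_dom != href_dom:
                findings.append(f"link text shows {text_dom} but href goes to {href_dom}")
        # 3. Brand name embedded in a host that is not the brand's real domain.
        for brand in claimed_brands(host):
            if href_dom not in BRAND_DOMAINS[brand]:
                findings.append(f"lookalike host for {brand}: {host}")
    return findings


# Constructed phishing-style message (placeholder .example hosts).
SAMPLE = """From: "PayPal Security" <alerts@paypal-secure-login.example>
To: victim@example.org
Subject: Unusual activity on your account
Content-Type: text/html; charset=utf-8

<p>We noticed a password change. Review it here:</p>
<a href="https://paypal.com.account-check.example/login">https://www.paypal.com/myaccount</a>
"""

# Constructed legitimate-looking message for contrast.
LEGIT = """From: "PayPal" <service@paypal.com>
To: user@example.org
Subject: Your receipt
Content-Type: text/html; charset=utf-8

<p>Thanks for your purchase.</p>
<a href="https://www.paypal.com/activity">https://www.paypal.com/activity</a>
"""

if __name__ == "__main__":
    for finding in analyze(SAMPLE):
        print("FLAG:", finding)
    print("legit findings:", analyze(LEGIT))
```

Run as-is, the phishing-style sample trips all three checks and the legitimate sample trips none. The checks are deliberately cheap string comparisons so they can run at mail-gateway volume; the weak spot is `registrable()`, which assumes a two-label suffix and should be replaced with a Public Suffix List lookup before use on real mail.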
How does spear phishing work?
Spear phishing tactics are more carefully crafted and executed than general phishing scams.
Criminals will sometimes study a victim in order to create a campaign. This includes researching who they correspond with, who their coworkers or superiors are and even who their friends and family may be.
Spear phishers don't usually target high-level employees or executives. They tend to home in on employees who have access to valuable data but can be easily influenced or fooled under pressure. Workers who deal with large volumes of email are also favored, as they may be less likely to scrutinize a message that purports to be from a colleague who needs login access or sends them a link to check out.
Once a scammer has the information they need, they can use it to escalate their attack, either by impersonating the victim from the victim's own email account or by using the access they have gained to set the stage for more serious efforts such as ransomware attacks.
Phishing and brands: Top 10 most impersonated
According to the H1 2022 Phishers’ Favorites report from security firm Vade, here are the top 10 most impersonated brands so far this year:
1. Microsoft
Because Microsoft's products are ubiquitous among businesses of all shapes and sizes, they are consistently one of the most impersonated brands among scammers.
More than 244 million businesses subscribe to Microsoft’s 365 platform.
If a scammer is able to breach an organization’s Microsoft 365 account, they have access to a plethora of internal systems that can be used to launch a variety of attacks.
2. Facebook
In 2021, Facebook briefly dethroned Microsoft when it came to phishing scams. Because Facebook is so widely used and contains so much personal information, it is ideal for both creating and launching phishing attacks.
If a scammer is able to access a victim’s Facebook account after fooling them into handing over their credentials via a fraudulent email, they have a complete profile to use against other people.
A compromised Facebook profile makes it easy to gain trust and convince other people to click on malicious links. Scammers sometimes send messages to connected individuals that suggest they have appeared in a photo or video that is circulating on the platform.
3. Crédit Agricole
US citizens are likely not familiar with this French financial institution, but it is consistently at the top of the list of impersonated brands.
Crédit Agricole's place on the list highlights a universal trend among phishing scams: financial institutions all over the world are regularly impersonated by scammers who know that victims can be easily influenced if they feel their account or money is in danger.
While PayPal is lower on the list this year, users of the platform have surely seen the emails that purport to be from the company alerting them of supposed suspicious activity, password changes or mysterious purchases.
4. WhatsApp
With more than two billion active users, WhatsApp is the world's most popular messaging application. Its ability to let users share documents, create group chats and participate in video and voice calls across borders makes it a worldwide favorite.
As with Microsoft and Facebook, this popularity lends itself to a degree of danger.
Its wide user base makes WhatsApp a lucrative company to impersonate. As with social media, a compromised account can be used to steal directly from a victim or as a launching pad for additional scams and phishing attempts.
The following six brands make up the rest of Vade’s list:
5. Orange (ISP, telecom)
6. AU (ISP, telecom)
7. MTB (financial services)
8. PayPal (financial services)
9. La Banque Postale (financial services)
10. Google (cloud)
Want to learn how to avoid being scammed? Check out How to identify and prevent phishing attacks.