Cybercriminals are impersonating social media sites to steal your logins

Hook on Keyboard
(Image credit: wk1003mike / Shutterstock)

Cybercriminals have started impersonating social media companies in their phishing emails, new research has found. 

Cybersecurity experts from Check Point Research analyzed phishing emails sent out during the third quarter of 2021, and found that WhatsApp, LinkedIn, and Facebook, made the top ten most impersonated brands list for the first time this year.

The leader of this infamous list has stayed the same. Microsoft is still being impersonated in almost a third of all phishing attempts (29%), while DHL lost the number two position to Amazon, which now takes up 13%. Still, it seems as Microsoft is no longer that popular among criminals, as the share of phishing emails impersonating the tech giant dropped from 45% in the previous quarter.

Bestbuy, Google, Netflix, and PayPal round off the top ten.

Impersonation hurts brand image

For Omer Dembinsky, Data Research Group Manager at Check Point Software, criminals are increasingly impersonating social media channels due to the increase in remote working. 

The worst part is - brands usually get the blame and have to suffer an eroded brand image. Multiple reports have confirmed that consumers often lose trust in a brand due to impersonation, regardless of the fact that it had nothing to do with the fraud attempt.

“Unfortunately, there’s only so much these brands can do to help combat phishing attempts,” Dembinsky continues. 

“So often, it’s the human element that often fails to pick up on a misspelled domain, an incorrect date, or another suspicious detail in a text or email. As always, we encourage users to be cautious when divulging their data, and to think twice before opening email attachments or links, especially emails that claim to be from companies such as Amazon, Microsoft or DHL as they are the most likely to be imitated." 

"Following the data from Q3, we’d also urge users to be vigilant when it comes to any emails or other communications that appear to be from social media channels such as Facebook or WhatsApp.”

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.