The most spoofed brands in 2023 phishing campaigns probably aren't who you expect


Check Point Research (CPR) has released a new report which highlights the brands most frequently imitated in phishing campaigns in 2023 so far, and it contains some surprising results.

The company's Brand Phishing Report for Q1 2023 found that several big names, such as Apple, didn’t even make the top ten list. Walmart was named the most frequently imitated brand in phishing attacks in the first quarter of the year, making up 16% of all attempts.

The sudden surge in Walmart phishing attacks, propelled by a campaign notifying victims of a “supply system collapse” and inviting them to click on a malicious survey link, pushed the company up from 13th place last quarter. 

An Austrian bank makes the list

DHL, typically one of the most impersonated brands out there, kept its second place, taking up 13% of all phishing events during the first three months of 2023, with Microsoft rounding off the top three with 12% of attacks.

Generally speaking, the researchers said, the technology sector is the most imitated industry, followed by shipping and retail.

Other companies that made it to the infamous list for the quarter include LinkedIn (6%), FedEx (4.9%), Google (4.8%), Netflix (4%), Raiffeisen (3.6%), and PayPal (3.5%).

Raiffeisen was an interesting addition to this quarter’s list, the researchers said, adding that in this campaign, the recipients were encouraged to click on a malicious link to secure their accounts against fraudulent activity. However, “securing” the account meant giving away identity data which would then get stolen.

“Criminal groups orchestrate phishing campaigns to get as many people to part with their personal data as possible,” said Omer Dembinsky, Data Group Manager at Check Point Software. “In some cases, attacks are designed to obtain account information, as seen with the Raiffeisen campaigns. Others are deployed to steal payment details, which we witnessed with the popular streaming service Netflix.”

The best way to protect against phishing attacks is to educate employees on the dangers of these attacks and train them to use common sense when reading email messages. Most phishing attacks can easily be spotted with a simple visual inspection of the email received. 

Sead Fadilpašić
