These companies are the most impersonated in email phishing campaigns

Hook on Keyboard
(Image credit: wk1003mike / Shutterstock)

Amazon was the most impersonated brand worldwide in email phishing attacks in 2021 according to a new report from AtlasVPN.

Last year, 17.7 percent of brand phishing emails impersonated Amazon while 16.5 percent impersonated the global logistics company DHL and 12.7 percent impersonated the eSign software company DocuSign.

Further down the list, popular payment gateway provider PayPal took the fourth spot as its brand was used in 5.7 percent of brand impersonation emails followed by the professional social network LinkedIn whose name was abused in 3.5 percent of brand phishing campaigns. Microsoft (3%), the web hosting company 1&1 (2.5%), British telecom O2 (2.3%) social media giant Facebook (2.2%) and the banking group HSBC (1.8%) also made the list as well.

All of these figures come from Hornetsecurity's Cyber Threat Report 2021/22 which examines the state of global email threats.

Spotting a brand phishing email

The reason cybercriminals choose to impersonate these and other large brands is to lower the guard of potential victims. Once a victim has been tricked into taking one of these phishing emails seriously, they are then lured into opening links to malicious websites designed to infect their devices with malware or steal their data.

While organizations can do very little to prevent cybercriminals from impersonating their brands online, consumers can protect themselves from falling victim to phishing campaigns by learning about and keeping in mind a few tell-tale signs.

As large brands have professional copywriters and editors to proofread all of the emails and other messages the sent out to their customers, spelling and grammatical errors are a dead giveaway that an email isn't official. Likewise, inconsistencies in the sender address in one of these emails can indicate that email is not legitimate. 

Cybercriminals often use email addresses that appear similar to a company's official email address in an attempt to dupe potential victims. Suspicious URLs and attachments are also clear giveaways when it comes to phishing emails.

Although those behind brand phishing attacks may try to instill a sense of urgency to get users to respond, requests to provide sensitive information are another red flag. This is because large businesses like Amazon would rarely if ever ask their customers to provide sensitive information over email.

Finally, if an email's message seems too good to be true, it probably is. So avoid emails informing you that you have won the lottery or other similar-themed messages at all costs.

Brand phishing isn't going anywhere anytime soon as it can be a very lucrative endeavor for cybercriminals but being able to spot the signs can help protect you from these campaigns and allow you to avoid falling victim to identity theft.

Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home. 

TOPICS