Amazon was the most impersonated brand worldwide in email phishing attacks in 2021, according to a new report from AtlasVPN.
Last year, 17.7 percent of brand phishing emails impersonated Amazon, while 16.5 percent impersonated the global logistics company DHL and 12.7 percent impersonated the eSign software company DocuSign.
Further down the list, popular payment gateway provider PayPal took the fourth spot, as its brand was used in 5.7 percent of brand impersonation emails, followed by the professional social network LinkedIn, whose name was abused in 3.5 percent of brand phishing campaigns. Microsoft (3%), the web hosting company 1&1 (2.5%), British telecom O2 (2.3%), social media giant Facebook (2.2%) and the banking group HSBC (1.8%) also made the list.
All of these figures come from Hornetsecurity's Cyber Threat Report 2021/22, which examines the state of global email threats.
Spotting a brand phishing email
The reason cybercriminals choose to impersonate these and other large brands is to lower the guard of potential victims. Once a victim has been tricked into taking one of these phishing emails seriously, they are then lured into opening links to malicious websites designed to infect their devices with malware or steal their data.
While organizations can do very little to prevent cybercriminals from impersonating their brands online, consumers can protect themselves from falling victim to phishing campaigns by learning about and keeping in mind a few tell-tale signs.
As large brands have professional copywriters and editors to proofread all of the emails and other messages they send out to their customers, spelling and grammatical errors are a dead giveaway that an email isn't official. Likewise, inconsistencies in the sender address in one of these emails can indicate that the email is not legitimate.
Cybercriminals often use email addresses that appear similar to a company's official email address in an attempt to dupe potential victims. Suspicious URLs and attachments are also clear giveaways when it comes to phishing emails.
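The sender-address check described above can be automated at a mail gateway or in a triage script. The following is an added example, not code from the article or the reports it cites; the domain allow-list, the function names and the sample headers are assumptions constructed for illustration.

```python
from email.utils import parseaddr

# Assumed allow-list for illustration; maintain your own from each brand's published domains.
OFFICIAL_DOMAINS = {
    "amazon": {"amazon.com"}, "dhl": {"dhl.com"},
    "docusign": {"docusign.com", "docusign.net"}, "paypal": {"paypal.com"},
}

def edit_distance(a, b):
    """Levenshtein distance, two-row dynamic programming."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def registered_domain(host):
    """Last two labels only; a production check would use the Public Suffix List."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def check_sender(from_header):
    """Classify one From: header value as (verdict, brand)."""
    display, addr = parseaddr(from_header)
    host = addr.rpartition("@")[2].lower()
    domain = registered_domain(host)
    for brand, official in OFFICIAL_DOMAINS.items():
        if domain in official:
            return ("official", brand)
    for brand, official in OFFICIAL_DOMAINS.items():
        # Lookalike: one edit away for short domains, two for longer ones.
        if any(edit_distance(domain, d) <= (1 if len(d) < 10 else 2) for d in official):
            return ("lookalike-domain", brand)
    for brand in OFFICIAL_DOMAINS:
        # Brand named in the display name or hostname, but sent from another domain.
        if brand in display.lower() or brand in host:
            return ("brand-mismatch", brand)
    return ("unknown", None)

SAMPLES = [  # constructed headers, not taken from real messages
    "Amazon <order-update@amazon.com>",
    "Amazon Support <no-reply@arnazon.com>",
    "DHL Express <tracking@dhl.delivery-notice.example>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(check_sender(header), header)
```

A verdict other than `official` is a reason to look closer, not proof of phishing: brands also send from domains that a short allow-list like this one does not cover.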
Although those behind brand phishing attacks may try to instill a sense of urgency to get users to respond, requests to provide sensitive information are another red flag. This is because large businesses like Amazon would rarely if ever ask their customers to provide sensitive information over email.
Finally, if an email's message seems too good to be true, it probably is. So avoid emails informing you that you have won the lottery or other similar-themed messages at all costs.
Brand phishing isn't going anywhere anytime soon, as it can be a very lucrative endeavor for cybercriminals, but being able to spot the signs can help protect you from these campaigns and allow you to avoid falling victim to identity theft.