In the sea of cybercrime, where brand impersonations rule the waters, one particular company proved to be more popular among cybercriminals than all of the others. Can you guess? It’s Microsoft. That comes as little surprise, especially considering the primary goal of a phishing email is to convince the recipient that the email they are reading - and the actions they are being asked to take - comes from a trusted source.
Microsoft’s top spot on the brand impersonation list can be tied to the fast and mighty shift to remote work the world has taken, due to the COVID-19 pandemic. Microsoft Office 365 delivers 24/7 access to software, from any location and, it can be accessed from practically any device with an internet connection. That’s why nearly two million companies in the world are using Office 365. Of those, 41% are U.S. based and 10% are in the United Kingdom, making both countries prime targets for hackers and brand impersonators.1
While there are plenty of different approaches a hacker can take, brand impersonation email phishing generally goes something like this:
- Create a fake website that looks like a Microsoft landing page
- Send a phishing email disguised as a Microsoft request
- Provide them with a link to a fake website and get them to sign into their Office 360 account
- Capture the sign-on credentials
- Take control of their accounts.
- Approve phony invoices
- Send new phishing emails from their account
- Steal sensitive data that can be sold on the dark web
The Most Phished Brands Across Industries
While Microsoft had a healthy lead over the other brand impersonators, plenty of other well-known companies were used in elaborate phishing scams. A glimpse of the top industries and the brands cybercriminals prefer to impersonate include:
Technology - Microsoft
Telecommunications - Zoom
Retail - Amazon
Finance - Chase Bank
Logistics - USPS
INKY, the leading cloud-based email security solution in the war against phishing, caught more than 40,900 unique brand impersonation phishing campaigns in 2020.2 A single campaign can be sent to hundreds of users, with very costly outcomes. With nearly 41,000 different kinds of brand impersonation phish, it’s good to remind yourself of popular and costly tactics.
Ransomware: It might look like a simple link or attachment from a familiar company, but when ransomware is inadvertently downloaded this malicious type of software can lock your company files, freeze your system or networks, and even capture customer data. It’s then held hostage by the cybercriminal until their ransom demands are met.
Business Email Compromise (BEC): One of the most financially damaging types of phishing emails, BEC scammers pretend to be an executive asking for your help. The phishing emails created for these scams will use company logos, brand images, and even fake websites with a familiar look to get what they want. Some gain access to sensitive company files. Others devise elaborate gift card purchasing schemes. Many have been known to convince employees to approve large fund wire transfers.
INKY takes the responsibility of recognizing brand impersonations and similar phishing scams away from employees and IT departments. An award-winning cloud-based email security software, INKY uses computer vision, artificial intelligence and machine learning to provide a level of ingenuity that is unlike other email security platforms. INKY sees things the way humans do, recognizing logos, brand colors, email signatures and more — but it also sees the millions of things humans can’t, spotting imposters by as little as a pixel.
INKY also integrates seamlessly with any email platform. IT departments love INKY’s reporting features, which allow administrators to review phishing threats that have been identified and see how employees are handling them. You can even conduct your own phishing simulations.
Learn more about the brand impersonations facing companies every day by reading INKY’s report, The Top 25 Most Phished Brands. Then, when you’re ready to address the phishing threats facing your company head-on, schedule a demonstration of INKY’s powerful phish-fighting capabilities.
INKY® is the emerging hero in the war against phishing. An award-winning cloud-based email security solution, INKY® prevents the most complex phishing threats from disrupting or even immobilizing your company’s day-to-day business operations. Using computer vision, artificial intelligence, and machine learning, INKY® is the smartest investment you can make in the security of your organization. INKY® is a proud winner of the NYCx Cybersecurity Moonshot Challenge and finalist in the 2020 RSAC Innovation Sandbox Competition. Learn more about INKY® or request an online demonstration today.