SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image
Retail most impersonated industry for phishing scams in Q323
Thu, 19th Oct 2023

Check Point Research, the Threat Intelligence arm of Check Point Software Technologies, has published its Brand Phishing Report for Q3 2023, which highlights the brands that were most frequently imitated by cybercriminals in their attempts to steal individuals’ personal information or payment credentials during July, August and September 2023.

Last quarter, American multinational retail corporation Walmart emerged as the most imitated brand used in phishing attacks, accounting for 39% of all phishing attempts. This marks a significant jump from sixth place in the previous quarter. Tech giant Microsoft came in second with 14%, while multinational financial services company Wells Fargo ranked third with 8% of such attempts. 

Notably, Mastercard, the second-largest payment-processing corporation worldwide, entered the top 10 list for the first time, ranking in 9th place. The number of phishing campaigns associated with Amazon imitations also remained high, which coincided with the company’s announcement of the 2023 Fall Prime Day sale, known as Prime Big Deal Days, scheduled for the second week of October.

“Phishing remains one of the most prolific types of attack, and we see a mix of brands being imitated across the retail, technology and banking sector. The increased application of AI has also made it more difficult but not impossible to spot the difference between a legitimate and fraudulent email” says Omer Dembinsky, Data Group Manager at Check Point Software. 

“It is important to remain vigilant when opening or engaging with emails from reputable companies. Always check the sender address and accuracy of the message and visit the secure website to carry out any transactions rather than clicking on a link supplied in the email. If organisations become aware of a phishing campaign using their name, they should use verified channels to inform customers and warn against potential threats.” 

In a brand phishing attack, criminals try to imitate the official website of a well-known brand by using a similar domain name or URL and a web-page design that resembles the genuine site. The link to the fake website can be sent to targeted individuals by email or text message, a user can be redirected during web browsing, or it may be triggered from a fraudulent mobile application. The fake website often contains a form intended to steal users’ credentials, payment details or other personal information.

Top Phishing brands

Below are the top 10 brands ranked by their overall appearance in brand phishing events during Q3 2023:

Walmart (39%) Microsoft (14%) Wells Fargo (8%) Google (4%) Amazon (4%) Apple (2%) Home Depot (2%) LinkedIn (2%) Mastercard (1%) Netflix (1%)