Cybercriminals know the easiest way to sneak under your radar is to pretend to be a brand you know and trust. These large companies have spent years on marketing, customer service, branding and consistency to build a trustworthy reputation, and hackers leverage this to go after you.
The most common method is to use phishing attacks. These thieves set up URLs that look scarily similar to the real company’s website. To slip by your watchful eye, here are some of the simple switches hackers make that can go unnoticed:
- Switching out a zero for the letter “O” or a capital “i” for a lowercase “L.” If you’re quickly reading an e-mail, it might look legit.
- Adding in a word that seems like it could be a subdomain of the real company, like “email@example.com.”
- Using a different domain extension, like “firstname.lastname@example.org.”
Some criminals will take it a step further and set up a web page that looks identical to that of the real website. When you click the link – via e-mail, SMS or even through social media – several dangerous results can occur.
The first is that malware can be installed on your computer. Clicking a bad link can set off an automatic malware download that contains malicious files with the ability to collect personally identifiable information from your device, like usernames, credit card or bank account numbers and more.
The second is the fake website will have a form to harvest your information. This could be login credentials, passwords and, in some cases, your credit or bank information.
The third most common issue is an open redirect. The link might look legit, but when you click on it, you’re redirected to a malicious website where the intent is to steal your information.
What brand impersonations do you need to look out for? Well, all of them, but according to Check Point’s latest Brand Phishing Report, there are 10 companies that top the chart in overall appearance in brand phishing attempts.
Here are the top 10 most frequently impersonated brands in phishing attempts in Q2 of 2023: Microsoft (29%), Google (19.5%), Apple (5.2%), Wells Fargo (4.2%), Amazon (4%), Walmart (3.9%), Roblox (3.8%), LinkedIn (3%), Home Depot (2.5%) and Facebook (2.1%).
Take a minute and ask yourself how many of the companies on this list send you regular e-mail communications. Even just one puts you at risk Cybercriminals go the full mile with these scams. They know what types of messages work best for each company to get your attention.
Here are three common phishing attacks cybercriminals have used under these brands’ good names to gain access to your private information.
- Unusual Activity – These types of e-mails will suggest that someone gained access to your account and you need to change your password quickly. They leverage fear so people will click without thinking, hurrying to change their password before they’re a victim of the attack. They usually have buttons that say, “Review Recent Activity” or “Click Here To Change Your Password.” These e-mails can go as far as to show fake login information detailing the region, IP address, time of sign-in and more, like real messages from the companies do to convince you to click.
- Fake Gift Cards – These e-mails suggest that someone sent you an e-gift card. When you open the e-mail, they either redirect you to a website to “claim your gift card” or have a button to “redeem now.”
- Account Verification Required – These e-mails suggest that your account has been disconnected, and they need you to verify your information. As soon as you enter your login credentials, the hacker has access.
These scams are happening every single day. You’re a target, but so are the unsuspecting employees in your company. Without proper training, they might not know what to look for, panic and try to resolve these “issues” under the radar, ultimately causing the problem.
There are multiple steps to making sure your network is secure. One would be getting e-mail monitoring to help reduce the likelihood of these phishing e-mails ending up in your inbox. It’s also important to make sure employees know what to look for so that if an e-mail does get by the phishing detection system, they can still keep your company safe.
The best thing to do is to call us or visit our website to schedule your FREE Cybersecurity Risk Assessment. We’ll evaluate your network and provide a full report on areas where you are vulnerable and what to do to fix them. There’s no obligation, but you should know where you’re at risk. Call us to schedule your assessment now.
David Javaheri is President & CEO of Direct iT.
They are based in Massachusetts and to find
out more about what they do and how they
could help you, please visit directitcorp.com.