Scammers Are Using These 10 Popular Brands To Trick You Into Revealing Your Private Data
Cybercriminals have a strategy to sneak under your radar. They pretend to be a brand you know and trust. These large companies have spent years on marketing, customer service, branding, and consistency. They build a trustworthy reputation. Hackers leverage this reputation to go after you.
The most common method is to use phishing attacks. These thieves set up URLs that look scarily similar to the real company’s website. To slip by your watchful eye, here are some of the simple switches hackers make that can go unnoticed:
- Switching out a zero for the letter “O” or a capital “i” for a lowercase “L.” If you’re quickly reading an e-mail, it might look legit.
- Adding in a word that seems like it could be a subdomain of the real company, like “info@googleservice.com.”
- Using a different domain extension, like “info@google.io.”
Some criminals will take it a step further. They will set up a web page that looks identical to that of the real website. When you click the link – via e-mail, SMS or even through social media – several dangerous results can occur.
The first is that malware can be installed on your computer. Clicking a bad link can automatically download malware. This download contains malicious files. These files can collect personally identifiable information from your device, like usernames, credit card numbers, bank account numbers, and more.
The second is the fake website will have a form to harvest your information. This could be login credentials, passwords and, in some cases, your credit or bank information.
The third most common issue is an open redirect. The link might look legit. However, when you click on it, you’re redirected to a malicious website. The intent is to steal your information.
What brand impersonations do you need to look out for? Well, all of them. According to Check Point’s latest Brand Phishing Report, 10 companies lead the chart. They have the highest appearance in brand phishing attempts.
Here Are The Top 10 Most Frequently Impersonated Brands In Phishing Attempts In Q2 Of 2023:
- Microsoft (29%)
- Google (19.5%)
- Apple (5.2%)
- Wells Fargo (4.2%)
- Amazon (4%)
- Walmart (3.9%)
- Roblox (3.8%)
- LinkedIn (3%)
- Home Depot (2.5%)
- Facebook (2.1%)
Take a minute and ask yourself how many of the companies on this list send you regular e-mail communications. Even just one puts you at risk.
Cybercriminals go the full mile with these scams. They know what types of messages work best for each company to get your attention.
Here are three common phishing attacks. Cybercriminals have used these tactics under these brands’ good names. Their goal is to gain access to your private information.
1. Unusual Activity – These types of e-mails will suggest that someone gained access to your account. They will urge you to change your password quickly. They prey on fear. This leads people to click without thinking. They hurry to change their password before becoming a victim of the attack.
They usually have buttons that say, “Review Recent Activity” or “Click Here To Change Your Password.”
These e-mails can show fake login information. They detail the region, IP address, and time of sign-in. This information resembles real messages from the companies. It is used to convince you to click.
2. Fake Gift Cards – These e-mails suggest that someone sent you an e-gift card. When you open the e-mail, they redirect you to a website to “claim your gift card.” Alternatively, there is a button to “redeem now.”
3. Account Verification Required – These e-mails suggest that your account has been disconnected. They need you to verify your information. As soon as you enter your login credentials, the hacker has access.
These scams are happening every single day. You’re a target, but so are the unsuspecting employees in your company. Without proper training, they might not know what to look for. They might panic and try to resolve these “issues” under the radar. This ultimately causes the problem.
There are multiple steps to making sure your network is secure. One would be getting e-mail monitoring to help reduce the likelihood of these phishing e-mails ending up in your inbox. It’s also important to train employees on what to look for. If a phishing email bypasses the detection system, they can still keep your company safe.
The best thing to do is to start here with your FREE Cybersecurity Risk Assessment. We’ll evaluate your network. We will then provide a full report on areas where you are vulnerable. We also provide guidance on what to do to fix them. There’s no obligation, but you should know where you’re at risk. Click here to schedule your assessment now.