New Delhi, July 21 (IANS): Microsoft took the top spot in the second quarter (Q2) of 2023 as the most impersonated brand for phishing scams, a new report showed on Friday.
According to Check Point Research, Microsoft climbed up the rankings last quarter, moving from third place in Q1 2023 to the top spot in Q2. The tech giant accounted for 29 per cent of all brand phishing attempts.
Google ranked second, accounting for 19 per cent of all attempts, and Apple ranked third, featuring 5 per cent of all phishing events during the last quarter.
In terms of industry, the technology sector was the most impersonated, followed by banking and social media networks.
"While the most impersonated brands move around quarter to quarter, the tactics that cybercriminals use scarcely do. This is because the method of flooding our inboxes and luring us into a false sense of security by using reputable logos has proven successful time and time again," said Omer Dembinsky, Data Group Manager at Check Point Software.
Moreover, the report said that American banking organisation Wells Fargo took fourth place in Q2 due to a series of malicious emails requesting account information.
Similar tactics were noted in other scams that imitated brands such as Walmart and LinkedIn, which also featured in this report's top ten list taking sixth and eighth place.
"For organisations worried about their own data and reputation, it is key that they take advantage of the right technologies that can effectively block these emails before they have chance to dupe a victim," Dembinsky said.
Further, the report stated that a brand phishing attack occurs when criminals attempt to imitate the official website of a well-known brand by using a similar domain name or URL and a web page design that is similar to the genuine site.
The link to the fake website can be sent to specific individuals via email or text message, a user can be redirected while browsing the web, or it can be triggered by a fraudulent mobile app.
A form on a fake website is frequently used to steal users' credentials, payment information, or other personal information.