Walmart Jumps to Top Spot as the Most Impersonated Brand for Phishing Scams in Q3 2023
October 2023 by Check Point Research (CPR)
Check Point Research (CPR), the Threat Intelligence arm of Check Point® Software Technologies Ltd., has published its Brand Phishing Report for Q3 2023. The report highlights the brands that were most frequently imitated by cybercriminals in their attempts to steal individuals’ personal information or payment credentials during July, August and September 2023.
Last quarter, American multinational retail corporation Walmart emerged as the most imitated brand used in phishing attacks, accounting for 39% of all phishing attempts. This marks a significant jump from sixth place in the previous quarter. Tech giant Microsoft came in second with 14%, while multinational financial services company Wells Fargo ranked third with 8% of such attempts.
Notably, Mastercard, the second-largest payment-processing corporation worldwide, entered the top 10 list for the first time, ranking in 9th place. The number of phishing campaigns associated with Amazon imitations also remained high, which coincided with the company’s announcement of the 2023 Fall Prime Day sale, known as Prime Big Deal Days, scheduled for the second week of October.
“Phishing remains one of the most prolific types of attack, and we see a mix of brands being imitated across the retail, technology and banking sectors. The increased application of AI has also made it more difficult but not impossible to spot the difference between a legitimate and fraudulent email,” said Omer Dembinsky, Data Group Manager at Check Point Software.
“It is important to remain vigilant when opening or engaging with emails from reputable companies. Always check the sender address and accuracy of the message and visit the secure website to carry out any transactions rather than clicking on a link supplied in the email. If organizations become aware of a phishing campaign using their name, they should use verified channels to inform customers and warn against potential threats.”
In a brand phishing attack, criminals try to imitate the official website of a well-known brand by using a similar domain name or URL and a web-page design that resembles the genuine site. The link to the fake website can be sent to targeted individuals by email or text message, a user can be redirected during web browsing, or it may be triggered from a fraudulent mobile application. The fake website often contains a form intended to steal users’ credentials, payment details or other personal information.
Top Phishing Brands
Below are the top 10 brands ranked by their overall appearance in brand phishing events during Q3 2023:
1. Walmart (39%)
2. Microsoft (14%)
3. Wells Fargo (8%)
4. Google (4%)
5. Amazon (4%)
6. Apple (2%)
7. Home Depot (2%)
8. LinkedIn (2%)
9. Mastercard (1%)
10. Netflix (1%)
Amazon Phishing Email – Fake Order Confirmation Scam
This deceptive email, impersonating the Amazon brand, claimed to confirm an order and urged recipients to click an order number link. It carried the subject line “Your Order with Amazon.com”, aimed to create urgency, and featured a malicious link, it\.support\.swift-ness.com (currently inactive), which is not associated with Amazon. It asked recipients to check the order status or make changes, and displayed order details for credibility.
LinkedIn Phishing Email – False Business Messages Scam
In August 2023, a phishing email impersonating LinkedIn was identified. It was sent from the address giacomini@napa\.fr and claimed to be from “LinkedIn”.
The email’s subject line was “You have 8 new business messages from ___” (Figure 1), and it contained a brief message informing recipients of 8 new business messages from the same person, who claimed to be a Sales Manager.
The fraudulent message aimed to deceive recipients into believing they had unread messages on the LinkedIn platform and that, to read them, they needed to click on the malicious link online\.cornection1\.shop (Figure 2), which led to a fake Microsoft login page intended to steal the user’s credentials.
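Both emails above share one checkable trait: the brand named in the display name or subject does not own the sender's domain or the linked host. The following is an added example, not code from Check Point's report, that flags that mismatch; the brand allowlist, the function names, the Amazon sender address and the `http://` scheme are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed allowlist of each brand's own domains (illustrative, not from the report).
BRAND_DOMAINS = {"amazon": {"amazon.com"}, "linkedin": {"linkedin.com"}}

# Constructed messages using the indicators quoted in the article, kept in the
# page's backslash-defanged form. The Amazon sender address and the http://
# scheme are placeholders; the article does not give them.
LINKEDIN_SAMPLE = (
    r"From: LinkedIn <giacomini@napa\.fr>" "\n"
    "Subject: You have 8 new business messages from ___\n\n"
    r"Read your messages: http://online\.cornection1\.shop" "\n"
)
AMAZON_SAMPLE = (
    "From: Amazon.com <orders@sender.example>\n"
    "Subject: Your Order with Amazon.com\n\n"
    r"Order status: http://it\.support\.swift-ness.com" "\n"
)
LEGIT_SAMPLE = (
    "From: LinkedIn <notifications@linkedin.com>\n"
    "Subject: You have 1 new message\n\n"
    "Read it: https://www.linkedin.com/messaging/\n"
)

def in_brand(host, allowed):
    """True if host is one of the brand's domains or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in allowed)

def brand_mismatches(raw):
    """List (brand, where, host) for each sender/link host outside the claimed brand."""
    msg = message_from_string(raw.replace("\\", ""))  # refang the sample first
    display, addr = parseaddr(msg.get("From", ""))
    claimed = f"{display} {msg.get('Subject', '')}".lower()
    sender_host = addr.rpartition("@")[2].lower()
    link_hosts = [h.lower() for h in re.findall(r"https?://([^/\s:]+)", msg.get_payload())]
    findings = []
    for brand, allowed in BRAND_DOMAINS.items():
        if brand in claimed:
            if not in_brand(sender_host, allowed):
                findings.append((brand, "sender", sender_host))
            findings += [(brand, "link", h) for h in link_hosts if not in_brand(h, allowed)]
    return findings

if __name__ == "__main__":
    for name, raw in [("linkedin", LINKEDIN_SAMPLE), ("amazon", AMAZON_SAMPLE), ("legit", LEGIT_SAMPLE)]:
        print(name, brand_mismatches(raw))
```

The suffix match in `in_brand` accepts real subdomains such as `www.linkedin.com` while rejecting hosts that merely begin with a brand's domain.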