Criminals continue to impersonate well-known brands to trick people into giving up their personal information.
According to the data presented by the Atlas VPN team, Crédit Agricole, a French financial group, was by far the most used brand in phishing attacks in H1 2021. The brand was linked with 17,755 unique phishing URLs, followed by social media giant Facebook with 17,338 and Microsoft with 12,777.
The figures are based on Phisher’s Favorite Top 25 H1 2021 report by Vade, which looks at the 25 most impersonated brands in phishing attacks a few years ago from January 1, 2021, to June 30, 2021.
Multi-platform messaging service provider WhatsApp is the second social media brand to make the top ten list. It was taken advantage of in 8,727 phishing attacks. Meanwhile, French bank La Banque Postale occupies the fifth spot with 7,180 attacks.
Other brands in the top ten list include multinational telecoms company Orange (4,047), the world’s largest online retailer Amazon (3,501), multibillion-dollar media, entertainment, and communications company Comcast (3,116), digital payment service provider PayPal (2,601), and American national bank Chase (2,537).
Most phishing assaults were perpetrated in Brazil, followed by Russia and Indonesia.
Financial brands were criminals’ favorite
Generally, cybercriminals choose highly-trusted brands in their phishing campaigns. However, brands in certain industries were more favored than others.
Financial service brands were particularly popular in phishing attempts due to the rise in digital payments and growing reliance on online banking during the pandemic. They accounted for 36% of URL phishing attacks in H1 2021.
Cybercriminals spoofed well-known financial brands such as Crédit Agricole, La Banque Postale, PayPal, Chase, Wells Fargo, Square, HSBC, and Banque Populaire to lure out sensitive information from unsuspecting victims.
Social media companies were also heavily impacted. Social media brand impersonation accounted for over a quarter (26%) of all brand phishing attacks in the first half of this year. Apart from Facebook and WhatsApp, Instagram and LinkedIn were common choices for criminals.
Next up is the cloud sector. Cloud companies like Microsoft, Netflix, Adobe, and DocuSign were involved in 17% of URL phishing attacks. Meanwhile, 11% of phishing assaults targeted e-commerce and logistics companies, such as Amazon, DHL, Rakuten, Apple, and eBay.
The remaining 10% of brands spoofed in URL phishing attacks were internet and telecommunication companies, such as Orange, Comcast, Yahoo, SFR (9%), as well as government organizations (1%).
Tips to avoid phishing scams
- Keep your browser up to date. Look out for browser updates. They are released regularly and may contain security patches for vulnerabilities that were discovered on the browser. Cybercriminals often launch attacks to exploit known security vulnerabilities. Therefore it is essential to install any browser updates as soon as they become available.
- Inspect the website’s URL. Carefully inspect the website’s URL before taking any action. Criminals use visually similar characters such as lower case “L” and capital “I” to deceive people into thinking they are on a legitimate website.
- Look for an SSL certificate. Make sure the portal address starts with HTTPS (not with HTTP) and has a green padlock symbol before the web address. This means that the website has an SSL certificate, and the connection is encrypted.
- Beware of grammar mistakes. Scammers rarely hire professional writers to check their copy-cat website’s content for errors. If a website is riddled with spelling mistakes, there is a high chance it is not legitimate.
- Check if the website has been flagged. You can use URL checkers to see if the website has already been flagged. You can find many tools for this purpose by searching “Check URL safety” in Google.
- Use Tracker Blocker. Take advantage of the Atlas VPN Tracker Blocker tool, which stops third-party trackers and blocks malicious websites for a safer browsing experience.
For the Silo, Jarrod Barker.
View Comments (1)
I don’t want you to be another phishing story
A friend was recently talking about a fish story, and I was wondering if it were true. But the words “true” and “fish” made me think about the other type of fishing. It’s called phishing and it’s not just a harmless tale of exaggeration. It made me think of all the times as your MPP I’ve heard reports of phishing scams. Not to mention all the other types of scams for that matter. Today, I’m going to send out a warning about the various scams that target all of us. Forewarned is forearmed, and we should all be ready if we’re approached by scammers.
I’ve had people contact me after being scammed into having unnecessary repairs, renovations done, and having various mechanical systems installed in their homes. All under the guise of either government rebates or loans from a financial or energy company.
I can’t divulge any confidential details, but suffice it to say, these scams have hurt many people in Haldimand-Norfolk. Most incidents involved the criminals tailoring their “advertising” to best suit the generation they were targeting. It could have been phone calls, emails, or letters or even a combination thereof.
This part of the province is filled with hard-working salt-of-the-earth types. For many of us, a person’s word is their bond, and a handshake often seals a deal. It’s hard for us to imagine someone working to earn someone’s trust then stabbing them in the back in a confidence game, but, again, unfortunately it happens right here in our midst.
Because so many here and across Ontario and Canada have been affected, the Competition Bureau of Canada issued some time ago a handy online document called “The Little Black Book of Scams, 2nd edition.” It’s a great way to educate and protect yourself. By the way, The Competition Bureau is a federal entity that “is an independent law enforcement agency that protects and promotes competition for the benefit of Canadian consumers and businesses.” The protection they offer includes anti-fraud/scam measures and thus this document is a key part of their mandate.
“The Little Black Book of Scams” lists predominant types of scams and how we can protect ourselves. Some scam examples (“scamples” perhaps) they discuss are, as I said at the top, phishing. Which seems to be the basis of many of today’s scams. Phishing is cybercrime when a target is contacted by email, telephone, or text message by a criminal posing as a legitimate individual or institution to con folks into providing private and classified data such as banking and credit card details and passwords. Another is Identity Theft, when criminals fraudulently acquire and use a person's private identifying information, often for financial gain.
A couple of other nefarious strategies it touches on, which have gained traction, are Romance Scams and Tax Scams. Scammers operate on dating sites tugging at lonely peoples’ heartstrings with fake identities who seem like Prince Charmings or dream girls. Soon enough the requests for money come in and victims are often left with broken hearts and broken finances. Tax Scams are criminals posing as the Canada Revenue Agency (CRA) telling victims they owe money, and they owe it quickly. Pay now or they will suffer an assortment of penalties. The crooks threaten and pressure to the point some victims have even driven many kilometres to deposit cash to Bitcoin or Crypto ATMs, all of which soars straight into the pockets of these lowlifes.
There are more “scamples” listed within “The Little Black Book of Scams” or easily found using a quick online search. Many of you are aware and well versed, but I think it’s important we get a reminder. We all have weak moments when we let our guard down. For this reason, I urge you to keep your heads up, and if you get approached, just say no. When in doubt, for second opinion, you can always call my office. I don’t want you to be the next phishing story I hear.
The Little Black Book of Scams 2nd edition
Bobbi Ann Brady MPP for Haldimand-Norfolk