Skip to main content

Google, Amazon and Microsoft top list of impersonated brands used in email phishing attacks

(Image credit: Google)

Exercise caution when you receive an email from Google — is it truly a legitimate electronic communication from the tech megacorp?

According to a new report from Check Point Research, the search engine giant is the most impersonated brand used by phishing attackers to lure unsuspecting victims into their fraudulent traps.

The most impersonated brands used by cybercriminals

Check Point Research published a similar report in Q1 of 2020. During that time, investigators discovered that Apple was the most impersonated brand used by cybercriminals followed by Netflix. Yahoo, WhatsApp and Paypal were in third, fourth and fifth place, respectively.

For Q2 of 2020, Check Point Research investigators spotted a change in behavior among the email phishing world — cybercriminals have their eye on a new set of brands with Google being at the top of their lists. In order of frequency, here are the most impersonated brands during the second quarter of this year:

1. Google

2. Amazon

3. WhatsApp

4. Facebook

5. Microsoft

The most impersonated brands used by email phishing

Q2's top phishing brands (Image credit: Check Point Research)

Cybercriminals often impersonate these brands to lower email users' defenses and elicit trust from unsuspecting victims. Email phishing attackers lure their targets into fraudulent traps with links to malicious web pages that look similar to their clone's authentic website.

Check Point Research

Check Point Researchers show a fake Paypal login page. (Image credit: Check Point Research)

Check Point researchers observed a surge in email phishing during Q2 of 2020. In the first quarter of this year, email phishing was the third most popular avenue for cyberattacks. In the second quarter, email phishing exploits climbed to second place.

"The reason for this change may be the easing of global Covid-19 related restrictions, which have seen businesses re-opening and employees returning to work. Making up nearly a quarter of all phishing attacks, email phishing exploits targeted Microsoft, Outlook and Unicredit, in that order," the Check Point Research report stated.

Thankfully, as we reported in July, Google is rolling out a new feature to thwart phishing attacks. The search-engine giant plans on labeling authentic emails with official badges that signal to email users that the digital mail is coming from a legitimate source. Google calls these badges BIMI (Brand Indicators for Message Identification) logos.

Google is trialing BIMI logos with a limited number of Gmail users, but the company did not specify when the feature will be rolled out to everyone.