These companies are the most impersonated in email phishing campaigns

News
By published

Brand phishing isn't going anywhere anytime soon

Hook on Keyboard
(Image credit: wk1003mike / Shutterstock)

Amazon was the most impersonated brand worldwide in email phishing attacks in 2021 according to a new report from AtlasVPN.

Last year, 17.7 percent of brand phishing emails impersonated Amazon while 16.5 percent impersonated the global logistics company DHL and 12.7 percent impersonated the eSign software company DocuSign.

Further down the list, popular payment gateway provider PayPal took the fourth spot as its brand was used in 5.7 percent of brand impersonation emails followed by the professional social network LinkedIn whose name was abused in 3.5 percent of brand phishing campaigns. Microsoft (3%), the web hosting company 1&1 (2.5%), British telecom O2 (2.3%) social media giant Facebook (2.2%) and the banking group HSBC (1.8%) also made the list as well.

All of these figures come from Hornetsecurity's Cyber Threat Report 2021/22 which examines the state of global email threats.

Spotting a brand phishing email

The reason cybercriminals choose to impersonate these and other large brands is to lower the guard of potential victims. Once a victim has been tricked into taking one of these phishing emails seriously, they are then lured into opening links to malicious websites designed to infect their devices with malware or steal their data.

While organizations can do very little to prevent cybercriminals from impersonating their brands online, consumers can protect themselves from falling victim to phishing campaigns by learning about and keeping in mind a few tell-tale signs.

Read More

> Cybercriminals are impersonating social media sites to steal your logins

> These phishing scams impersonate popular shipping companies

> This super ambitious phishing campaign impersonated the US Department of Labor

As large brands have professional copywriters and editors to proofread all of the emails and other messages the sent out to their customers, spelling and grammatical errors are a dead giveaway that an email isn't official. Likewise, inconsistencies in the sender address in one of these emails can indicate that email is not legitimate. 

Cybercriminals often use email addresses that appear similar to a company's official email address in an attempt to dupe potential victims. Suspicious URLs and attachments are also clear giveaways when it comes to phishing emails.

Although those behind brand phishing attacks may try to instill a sense of urgency to get users to respond, requests to provide sensitive information are another red flag. This is because large businesses like Amazon would rarely if ever ask their customers to provide sensitive information over email.

Finally, if an email's message seems too good to be true, it probably is. So avoid emails informing you that you have won the lottery or other similar-themed messages at all costs.

Brand phishing isn't going anywhere anytime soon as it can be a very lucrative endeavor for cybercriminals but being able to spot the signs can help protect you from these campaigns and allow you to avoid falling victim to identity theft.

TOPICS
Anthony Spadafora
Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home. 

Read more
Paper craft illustration of a suspicious email that contains a snake
How to spot a phishing email
Illustration of a hooked email hovering over a mobile phone
AWS misconfigurations reportedly used to launch phishing attacks
A fish hook is lying across a computer keyboard, representing a phishing attack on a computer system
Everything you need to know about phishing
unblock facebook with vpn
A new Facebook phishing campaign looks to trick you with emails sent from Salesforce
Fraude en ligne phishing
Phishing clicks nearly tripled in 2024 as criminals aim for smarter attacks
Image depicting hands typing on a keyboard, with phishing hooks holding files, passwords and credit cards.
Microsoft warns about a new phishing campaign impersonating Booking.com
Latest in Security
China
Volt Typhoon threat group had access to American utility networks for the best part of a year
Abstract image of cyber security in action.
MassJacker malware targets those looking for pirated software
Code Skull
US government warns Medusa ransomware has hit hundreds of critical infrastructure targets
An American flag flying outside the US Capitol building against a blue sky
The FCC is creating a security council to bolster US defenses against cyberattacks
Image depicting hands typing on a keyboard, with phishing hooks holding files, passwords and credit cards.
Microsoft warns about a new phishing campaign impersonating Booking.com
Ransomware
Microsoft uncovers sleuthy new XCSSET MacOS malware campaign
Latest in News
Jason Sudeikis' Ted Lasso pointing at someone in Ted Lasso season 2
Believe it, baby: Ted Lasso season 4 is officially in development for Apple TV+ – and Jason Sudeikis will reprise his role as the titular soccer coach
Rainbow Six Siege X promotional art.
The Tom Clancy's Rainbow Six Siege X 6v6 mode might finally pull me away from Black Ops 6
A close up of the new web version of Apple Music Classical
Apple Music Classical is now available on the web, but its Mac app is still nowhere in sight
Silent Hill f
Silent Hill f will present players with 'a beautiful yet terrifying choice', and I can't wait to see what it is
Google Chromecast 2
Google is finally rolling out a fix for broken Chromecasts – just as new bugs appear on the Chromecast with Google TV
Garmin Instinct 3 in Neotropic Green
"I'm an idiot": Garmin user reveals how fixing one setting completely changed their training after months of making no progress
More about security
Code Skull

US government warns Medusa ransomware has hit hundreds of critical infrastructure targets
Abstract image of cyber security in action.

MassJacker malware targets those looking for pirated software
China

Volt Typhoon threat group had access to American utility networks for the best part of a year
See more latest
Most Popular
China
Volt Typhoon threat group had access to American utility networks for the best part of a year
Jason Sudeikis' Ted Lasso pointing at someone in Ted Lasso season 2
Believe it, baby: Ted Lasso season 4 is officially in development for Apple TV+ – and Jason Sudeikis will reprise his role as the titular soccer coach
Code Skull
US government warns Medusa ransomware has hit hundreds of critical infrastructure targets
A close up of the new web version of Apple Music Classical
Apple Music Classical is now available on the web, but its Mac app is still nowhere in sight
Silent Hill f
Silent Hill f will present players with 'a beautiful yet terrifying choice', and I can't wait to see what it is
Rainbow Six Siege X promotional art.
The Tom Clancy's Rainbow Six Siege X 6v6 mode might finally pull me away from Black Ops 6
A woman holds a phone and looks concerned in Caught
Netflix drops an eerie trailer for a new Harlan Coben show – I just hope Caught is better than the author's previous TV adaptations
The TikTok logo appears on a smartphone screen with the United States flag in the background
Oracle could still end up running TikTok
Google Chromecast 2
Google is finally rolling out a fix for broken Chromecasts – just as new bugs appear on the Chromecast with Google TV
Apple iPhone 16e REVIEW
Some iPhone 16e owners are reporting Bluetooth audio issues that could be an iOS problem