Phishing: Microsoft is the most counterfeited brand, with hundreds of illegal sites created

According to data released by Atlas VPN based on Zscaler's ThreatLabz 2022 report, cybercriminals leverage the company's products and solutions and the widespread use of the Office package to get hold of data and credentials.

02 May 2022, Veronica Balocco

Phishing cybercriminals often impersonate well-known brands, leveraging consumer trends to scam unsuspecting customers. Productivity tools, illegal streaming sites, retail sites, social media, finance, and many other services are frequently imitated. But which brand is most often used to set up these scams? According to data released by Atlas VPN based on Zscaler's ThreatLabz 2022 report, in 2021 the top spot belonged to Microsoft, followed by illegal streaming sites.

The research, which examines phishing data collected in the Zscaler cloud over a year to identify critical trends, targeted industries, risky geographies, and emerging tactics, reveals that cybercriminals impersonated Microsoft product pages in 36.6% of phishing attacks in 2021. In addition to Microsoft sign-in pages, the imitated products include OneDrive and Office 365. The report notes that Microsoft has a wide range of products used by millions of users around the world who could become potential victims of a phishing attack.

Covid-19 themed attacks

Threat actors mimicked illegal streaming websites in 13.6% of phishing attacks. The use of illegal streaming sites has increased due to the pandemic, "as people," the report explains, "have been left in their homes with nothing to do". Illegal streaming sites are generally risky, as they do not have a high level of security.

Covid-19-themed phishing attacks accounted for 7.2% of social engineering scams. Covid-related phishing websites can be exceptionally deceptive for internet users as they are relatively new. Most people don't know the differences between legitimate and phishing websites, which means that threat actors can use newly registered domains without raising suspicion.

Cybercriminals impersonated Telegram in 6.5% of phishing attacks. At the same time, Amazon-related phishing attacks accounted for 5.8% of social engineering attacks.
Other major brands such as PayPal, Binance, Google and Facebook were imitated by threat actors in less than 3% of attacks.

Phishing targets retail businesses and government

Threat actors launch phishing attacks on industries that hold large amounts of sensitive customer information. Employing social engineering mechanisms in attacks, cybercriminals send out emails and create fake websites in search of possible victims.

The retail and wholesale sector suffered 436% more phishing attacks in 2021 than in 2020. Threat actors took advantage of the pandemic, when people started shopping online more often. When phishing attacks target retailers, the real losses are in consumer trust and brand reputation.

Phishing attacks on the government sector increased by 110% in 2021. State-sponsored threat actors usually carry out cyber attacks against the government. Targeting ministries of foreign affairs or defense, cybercriminals try to steal confidential information or gain access to the network to launch more malicious attacks.

The financial and insurance sector saw a 101% increase in phishing attacks in 2021. Phishing attacks on educational organizations increased by 32% in 2021 compared to 2020. At the same time, the manufacturing industry suffered 6% more social engineering attacks.

ICT: 15% fewer attacks

On the other hand, a couple of industries saw some relief from phishing attacks in 2021. Cybercriminals targeted the technology and communications industry 15% less than in 2020. Phishing attacks on the service industry decreased by 33%. Finally, the rate of phishing in healthcare fell by 59%.

Countering phishing attacks requires the user to recognize and assess the potential danger. However, people are prone to making mistakes, and a well-structured social engineering attack could fool almost anyone. Therefore, being aware of how phishing attacks work is essential to mitigating the risk.