We often think of phony financial institution emails as a bad actor's phishing scheme of choice to capture confidential bank account numbers or other private financial information. While those phishing emails certainly do exist, they are easy to spot and ignore when they purport to come from a bank with whom you have no relationship. That may explain why "brand phishing" - a fake email seeming to come from a well-recognized company - is more often associated with businesses with a wider customer base. A bogus email supposedly from Amazon is much more likely to seem legitimate than one from the Industrial and Commercial Bank of China.

Even if you have an account or business relationship with a company, do not assume an email appearing to come from that company is authentic. The list of brands most often imitated varies from period to period but typically includes many of the same companies. According to Check Point Research, the top 10 brands most frequently imitated in phishing attempts during the third quarter of 2020 were:

  • Microsoft – 19%
  • DHL – 9%
  • Google – 9%
  • PayPal – 6%
  • Netflix – 6%
  • Facebook – 5%
  • Apple – 5%
  • WhatsApp – 5%
  • Amazon – 4%
  • Instagram – 4%

It is a safe bet that all of us have used the services of one or more of those companies or visited one or more of those social media sites, very likely in the past few weeks (or days). Scammers know that. And now you know they know that. Put your knowledge to good use.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.