By Bruce Sussman
Thu | Apr 16, 2020 | 5:30 AM PDT

Each year, these companies spend millions of dollars building trust and brand recognition with consumers around the globe.

You can almost hear cybercriminals and hackers cheering them on as the companies become household names. And when they reach that status, hackers pounce on the chance to manipulate those brand names for their cyberattacks.

Most of these attacks start with a phishing email, claiming to be from one of these top brands.

In the year 2020, here are the branded phishing attacks used most often.

Top brands used in phishing attacks 2020

According to new research from Check Point, the brand cybercriminals used most in phishing emails is Apple. Here's an example of an Apple phishing email received by a SecureWorld team member:

[Image: Apple-branded social engineering message]

While Apple is the top brand used in phishing attacks, here is a look at the rest of the top 10 phishing brands list for this year:

  1. Apple (10% of all attempts, globally)
  2. Netflix (9%)
  3. Yahoo (6%)
  4. WhatsApp (6%)
  5. PayPal (5%)
  6. Chase (5%)
  7. Facebook (3%)
  8. Microsoft (3%)
  9. eBay (3%)
  10. Amazon (1%)

Smishing (SMS phishing) attempts by brand name

The company also listed the top four brands used in phishing attacks that arrive on a mobile device, via SMS, known as smishing attacks.

  1. Netflix
  2. Apple
  3. WhatsApp
  4. Chase

Ironically, just before starting to write this story, I received this smishing phish message on my iPhone via SMS:

[Image: Netflix smishing example]

I wasn't surprised because Netflix is the number one brand used in phishing attacks on mobile devices and the number two brand overall.

Consequence and cost of phishing attacks

During my recent interview on the 2020 State of the Phish Report with Gretel Egan of Proofpoint Security Awareness, phishing's real-world impact for organizations became very clear.

Egan set this up by sharing failure rates for various departments within an organization. In which parts of an organization are end-users most and least likely to fall for a phish?

[Image: State of the Phish 2020, department-level failure rates]

And then she shared the cost to the organization when end-users click on a phishing email. Based on extensive research with security professionals around the globe, here is the list:

[Image: State of the Phish 2020, business impacts]

Phishing attacks lead to loss of data, credential and account compromise, ransomware infection, malware, and even financial loss or wire transfer fraud.

Why do phishing attacks succeed so often?

There can be a lot of reasons employees click on a phishing email.

However, according to Proofpoint's Egan, many organizations are doing less than they can to limit this element of cyber risk.

"About 40% of organizations are only allocating an hour or less to training in a full year. So, we need to think about what can happen in an hour per year if we're really looking at helping people to learn new skills, break bad habits, and change behaviors.

"And one thing that stood out for me in the survey is that only about 16% of organizations are providing email reporting tools for employees. And what we advocate for is that organizations do implement these email reporting buttons as an easy way for users to alert InfoSec teams and response teams to potentially detect a malicious attack within the network. Very few organizations are taking advantage of that, which is such a powerful tool."

Listen to our State of the Phish 2020 interview here for much more:

[Download: Proofpoint 2020 State of the Phish Report]
