Skip to content
2 min read

Increase in Email Phishing Schemes using Brands

Phishing

Phishing schemes aren’t just for your personal accounts, your business accounts are actually more at risk to be used for phishing. Business applications such as Microsoft Office, Zoom, and DocuSign are among the most impersonated in phishing or spoofing attacks. 

45% of impersonation phishing attacks are made to look like they are coming from business brands, GreatHorn researchers say. The second-largest section (34%) of impersonation attacks are made to look like social media brands such as Facebook, LinkedIn, and Twitter, and Consumer apps being the third-largest at 20% for brands such Amazon and PayPal.

What does this mean? When you receive an email from a company whether it be for business or personal use take a look at the reply address. Does it match one that typically comes from that company? If not report it as spam and delete it. Companies will never ask you for your password or any other personal information in an email. If that checks out and there are links in the email before clicking, hover over the links and check the URL you will be visiting. We've condensed these steps down into a checklist below:

Checklist for Email Security

  1. What's the reply address? 

  2. Is it asking me for personal information?

  3. Is it asking me for my password or to reset my password?

  4. Does it want me to visit their website to update information?

  5. Does the URL match the normal URL for this site?

Email security is the top priority for IT and security teams this year, the report, but only 9% of respondents are most worried about brand impersonation attacks. Most (22%) say their greatest concern is people impersonation attacks, in which fraudsters send emails pretending to come from executives, vendors, human resources, or finance teams. Other top concerns include payload attacks (21%) and wire transfer requests (14%). 

It's worth noting that phishing campaigns rarely use one technique, researchers say. More common are multi pronged attacks that may prompt an email recipient to click a link and/or download an attachment, all while pretending to be from a person or brand. Don’t fall victim to a phishing campaign. 

Is your business prepared? Ensure you have these seven security protections in place to protect your business from hackers and cybersecurity threats! Click below to download the free guide to make sure you are protected.

Download free eBook