Walmart has been named as the brand most likely to be imitated in brand phishing attacks by cybercriminals in their attempts to steal individuals’ personal information in the first quarter of 2023.
According to the latest Brand Phishing Report by Check Point Research, the multinational retail giant topped the ranking last quarter and accounted for 16% of all phishing attempts globally, climbing from 13th place in Q4 2022.
The world is under constant siege from phishing attacks, as evidenced by the staggering number of malicious emails sent daily.
According to recent phishing email statistics, a whopping 3.4 billion phishing emails are sent daily, equating to approximately 1.2% of all emails sent worldwide.
Brand Phishing Statistics for 2023
It is projected that in 2023, over 33 million records will have been extorted by ransomware or phishing attacks.
Cybercriminals are expected to gain unauthorized access to sensitive data belonging to millions of people worldwide.
A noteworthy surge in Walmart-related phishing attacks has been linked to a widespread campaign that coerced unsuspecting individuals into clicking on a deceitful survey link about the purported “supply system failure”.
The report further revealed that DHL maintained the runner-up position with 13% of all phishing incidents, while Microsoft followed closely with 12%.
The report also noted that financial services companies are increasingly targeted in phishing campaigns.
Bank Raiffeisen made the list for the first time, featuring in eighth place and accounting for 3.6% of phishing attacks in the quarter.
In the Raiffeisen phishing campaign, recipients were encouraged to click on a malicious link to secure their accounts against fraudulent activity. Any details they then submitted would be stolen by the attacker.
“Employees should be given appropriate training to spot suspicious traits such as misspelled domains, typos, incorrect dates, and other details that can expose a malicious email or link,” said Omer Dembinsky, Data Group Manager at Check Point Software.
Criminal organizations carefully orchestrate phishing campaigns with the ultimate goal of acquiring as much personal information as possible from unsuspecting individuals.
Some of these attacks, such as those observed in Raiffeisen campaigns, aim to obtain sensitive account information.
In contrast, others, such as the ones aimed at the popular streaming service Netflix, are designed to pilfer payment details.
These campaigns are becoming increasingly sophisticated, making it essential for individuals to exercise caution when responding to emails or clicking on links.
Brand Phishing in 2023: Protecting data at all costs
According to the F5 Labs Phishing and Fraud Report of 2020, most phishing websites (55%) use targeted brand names to capture sensitive information easily.
Regular security awareness training has helped reduce the rate of employees falling prey to phishing attacks, as stated by 84% of US-based organizations.
According to IBM’s 2022 Data Breach Report, phishing attacks have been immensely successful for 92% of Australian organizations, indicating an alarming 53% increase from the previous year.
The brands most frequently impersonated in these phishing attempts were Amazon and Google, with a 13% share, followed by Facebook and WhatsApp, with 9%, and Apple and Netflix, with a 2% share.
The report also highlighted the disconcerting fact that breaches caused by phishing took an average of 295 days to identify and contain, which was the third-longest period of time for any type of security breach.
This underscores the need for organizations and individuals to remain vigilant against these attacks.
In a brand phishing attack, criminals try to imitate the official website of a well-known brand using a similar domain name or URL and a web page design that resembles the genuine site.
The fake website often contains a form intended to steal users’ credentials, payment details, or other personal information.
The best defense against phishing threats is knowledge, and companies should ensure their employees are trained to recognize suspicious emails or links.
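The "similar domain name" trait described above can also be checked automatically, for instance in a mail gateway or proxy rule. The following is an added example, not code from the Check Point report: the brand allowlist, the substitution table and the two-label domain split are assumptions, and every sample URL is constructed.

```python
from urllib.parse import urlsplit

# Assumed allowlist: brand name -> registrable domains the brand really uses.
BRANDS = {"walmart": {"walmart.com"}, "dhl": {"dhl.com"},
          "microsoft": {"microsoft.com"}, "netflix": {"netflix.com"}}
SWAPS = str.maketrans("0135", "oles")  # common digit-for-letter substitutions

def skeleton(label):
    """Undo simple visual tricks: 'rn' for 'm', 'vv' for 'w', digits for letters."""
    return label.replace("rn", "m").replace("vv", "w").translate(SWAPS)

def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url):
    """Return (verdict, brand) for the hostname of a URL."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    labels = host.split(".")
    # Simplification: the last two labels are treated as the registrable
    # domain; production code should consult the Public Suffix List.
    registrable = ".".join(labels[-2:])
    name = labels[-2] if len(labels) > 1 else host
    for brand, legit in BRANDS.items():
        if registrable in legit:
            return ("legitimate", brand)
    tokens = {skeleton(t) for t in host.replace("-", ".").split(".")}
    for brand in BRANDS:
        # Short brand names get no typo tolerance, to limit false positives.
        if edit_distance(skeleton(name), brand) <= len(brand) // 4:
            return ("lookalike", brand)
        if brand in tokens:
            return ("brand-in-host", brand)
    return ("unrelated", None)

# Constructed sample URLs (reserved .example names, not real campaign data).
SAMPLES = ["https://www.walmart.com/cart", "http://wa1mart.example/survey",
           "https://rnicrosoft.example/login", "https://netfliix.example/pay",
           "https://walmart.com.survey-check.example/a", "https://example.org/"]

if __name__ == "__main__":
    for u in SAMPLES:
        print(classify(u), u)
```

The check covers ASCII tricks only; internationalized (punycode) hostnames need separate handling.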