The top two names from Q3 remained leaders in Q4, mirroring the pervasiveness of e-commerce logistics and business-productivity communications.

In Q4, the brand most frequently targeted by cybercriminals was again the Q3 leader—Microsoft.

Some 43% of all brand phishing attempts were tied to the technology giant (up from 19% in Q3), as threat actors continued to try to capitalize on people working remotely during the pandemic.

The second most impersonated brand also maintained its position: DHL, linked to 18% of all phishing attempts during the year-end e-commerce shopping period. 

Group by industry, the most likely targets were technology, followed by shipping and retail, with threat actors using well-known brands in these sectors to trick users grappling with remote-working issues and engaging in more e-commerce during lockdowns. 

Top phishing targets: Q4 2020 

Check Point, the firm responsible for these quarterly rankings, lists the following companies by their overall appearance in brand phishing attempts: 

A phishing email using DHL’s branding sent from the spoofed email address
  1. Microsoft (43%) 
  2. DHL (18%)
  3. LinkedIn (6%)
  1. Amazon (5%)
  2. Rakuten (4%)
  3. IKEA (3%)
  4. Google (2%)
  5. Paypal (2%)
  6. Chase (2%)
  7. Yahoo (1%) 

In a brand phishing attack, criminals imitate the official website of a well-known brand by using a similar domain name or URL and web-page design to the genuine site. The link to the fake website can be sent to targeted individuals by email or text message; a user can be redirected during web browsing; or it may be triggered from a fraudulent mobile application. The fake website often contains login dialog boxes intended to steal users’ credentials, payment details or other personal information.  

Said the firm’s Director, Threat Intelligence & Research, Products, Maya Horowitz: “Criminals increased their attempts in Q4 2020 to steal peoples’ personal data by impersonating leading brands, and our data clearly shows how they change their phishing tactics to increase their chances of success. As always, we encourage users to be cautious when divulging personal data and credentials to business applications, and to think twice before opening email attachments or links, especially emails that claim to from companies such as Microsoft or Google, that are most likely to be impersonated.”