Site navigation

Hackers Start Imitating Social Media to Target Brand Phishing Emails

Michael Behr


Brand phishing social media
While Microsoft remains the most popular company to impersonate in brand phishing attacks, social media sites are becoming increasingly popular.

Cybercriminals are increasingly spoofing social media sites in an attempt to steal people’s personal information or payment credentials.

According to cybersecurity intelligence group Check Point Research (CPR), social media has entered the top three most imitated sectors for the first time, with Facebook, LinkedIn and WhatsApp featuring in the top ten impersonated brands.

The data was published in the new Brand Phishing Report for the third quarter of 2021.

Brand phishing attacks see criminals imitate the official website of a well-known brand by using a similar domain name or URL and web-page design to the genuine site.

The link to the fake website can be sent to targeted individuals by email or text message, a user can be redirected during web browsing, or it may be triggered from a fraudulent mobile application.

The fake website often contains a form intended to steal users’ credentials, payment details or other personal information.

Microsoft continued its reign as the brand most frequently targeted by cybercriminals, albeit at a slightly lower rate. 29% of all brand phishing attempts were related to the technology giant, down from 45% in the second quarter of 2021.

Amazon has replaced DHL in second position, accounting for 13% of all phishing attempts versus 11% in the previous quarter, as criminals look to take advantage of online shopping in the run-up to the holiday season.


“Threat actors are constantly trying to innovate their attempts to steal peoples’ personal data by impersonating leading brands,” said Data Research Group Manager at Check Point Software Omer Dembinsky.

“For the first time this year, social channels have become one of the top three categories exploited by cybercriminals, no doubt in an attempt to take advantage of the increasing number of people working and communicating remotely in the wake of the pandemic.

“Unfortunately, there’s only so much these brands can do to help combat phishing attempts. So often, it’s the human element that often fails to pick up on a misspelt domain, an incorrect date, or another suspicious detail in a text or email.

He added: “As always, we encourage users to be cautious when divulging their data, and to think twice before opening email attachments or links, especially emails that claim to be from companies such as Amazon, Microsoft or DHL as they are the most likely to be imitated. Following the data from Q3, we’d also urge users to be vigilant when it comes to any emails or other communications that appear to be from social media channels such as Facebook or WhatsApp.”

According to the research, the Top phishing brands in Q3 2021 were:

  • 1. Microsoft (related to 29% of all phishing attacks globally)
  • 2. Amazon (13%)
  • 3. DHL (9%)
  • 4. Bestbuy (8%)
  • 5. Google (6%)
  • 6. WhatsApp (3%)
  • 7. Netflix (2.6%)
  • 8. LinkedIn (2.5%)
  • 9. Paypal (2.3%)
  • 10. Facebook (2.2%)

What does a brand phishing email look like?

Check Point witnessed a malicious phishing mail that was trying to steal access credentials to a Google account. The email was sent from the email address Google (no-reply@accounts[.]google[.]com) and contained the subject “Help strengthen the security of your Google Account”.

Check Point noticed that the fraudster had not changed the year in their fraudulent email (“2020 Google”). The attacker was trying to lure the victim to click on a malicious link (http://router-ac1182f5-3c35-4648-99ab-275a82a80541[.]eastus[.]cloudapp[.]azure[.]com) which redirects the user to a fraudulent malicious login page that looks like the real Google login website.

In the malicious link, the user needed to enter their Google account details.

As such, the relative sophistication, and the growing prevalence of brand phishing attacks, makes it imperative for organisations to protect themselves against them.

Michael Behr

Senior Staff Writer

Latest News

%d bloggers like this: