According to a recent Kaspersky survey of 25 popular global companies, Google, Facebook and Amazon are the most frequent targets of phishing attacks. Cybercriminals are also heavily targeting the credentials and data of other companies, with the number of attacks increasing almost 1.5 times year on year.
Kaspersky analyzed a sample of 25 names from the evaluation of Best Global Brands 2023 of Interbrand for a phishing exploit. In the first half of 2024, people around the world tried to access fake resources impersonating these brands almost 26 million times, that is, almost 40% more often than in the period from January to June 2023. Kaspersky experts attribute this spike to an increase in 2024. fraudulent activity rather than a decrease in user vigilance: cybercriminals are becoming increasingly aggressive in obtaining user data and money.
Among the companies studied, cybercriminals primarily targeted Google services in their efforts to steal credentials such as usernames and passwords. The Kaspersky solution has blocked more than 4 million attempts to access phishing websites designed to trick users into providing their account information. After Google, there were about 3.7 million attempts against Facebook users, while Amazon came in third with about 3 million attempts. Microsoft and DHL rounded out the top five with 2.8 million and 2.6 million attempts, respectively. PayPal, Mastercard, Apple, Netflix and Instagram were among the top 10 companies targeted by cybercriminals for credentials and money in 2024.
Some companies are increasingly targeted by phishing attacks compared to last year. Phishing for Google has more than tripled, showing a 243% increase in the first half of 2024 compared to last year. Mastercard saw a 210% increase in attempts to steal sensitive data and money, followed by Facebook and Netflix, which saw attack attempts double.
“This year has seen a significant increase in attempts phishing which targetwhat you do Google. If a phisher gets into a Gmail account, they can potentially access many services, making them a prime target. Mastercard phishing, usually aimed at stealing money, is likely to increase with the proliferation of fake online shops claiming to sell goods and offering checkout options with a fake Mastercard.” said Olga Svistunova, security specialist at Kaspersky. “Interestingly, Microsoft has shown a decrease in clicks on electronic resources phishing. Since then this brand has been targetedtai often for the phishing of corporate credentials, the reduction can be attributed to its improvement digital literacy in various organizations. DHL has also seen a decline, which is a common trend among many companies transport and logistics that we analyzed”.
Other brands that didn’t make the top 10 but are increasingly targeted include HSBC, which saw an eight-fold increase to 240,000 phishing attempts in 2024, and eBay, which saw a three-fold increase with more than 300,000 attacks Airbnb, American Express and LinkedIn saw increases of 174%, 137% and 122% in attempts, respectively.
How to determine if the company you have been targeted by phishers
Although well-known companies are the first targets for cybercriminals, smaller and more niche companies. Fraudsters often target products and services in high demand, seasonal trends or for other reasons. To effectively manage and mitigate these risks:
- Monitor your online presence: regularly search for your brand in search engines, social media and marketplaces. Consider outsourcing this task to a proven cybersecurity provider so you can find phishing resources before someone falls victim. For example, Kaspersky offers a special removal tool.
- Educate and inform your customers: for example, you can list on your official website authorized resources on where to buy your product, highlight official communication channels and publicly report any phishing attempts.
- If you work in a financial or other sensitive sector that often attracts cybercriminals, warn your customers about this fact and draw their attention to the increased risk of fraud. Ask them to be more careful with emails and messages they receive.
- If a phisher takes advantage of your brand, collect information about the fraudulent domain or IP address and any available details. Report suspicious or phishing sites to the appropriate authorities immediately.
- Ask your customers to report any suspicious activity on behalf of your brand. Ask to provide screenshots and other evidence so that you can learn about suspicious actions over time.