Zoom, Microsoft, Amazon most impersonated in phishing scams

Read time 2min 10sec

Microsoft, Zoom and Amazon were the most commonly impersonated companies in phishing attacks in 2020, according to a new report by security firm Atlas VPN.

The study provides statistics for the top 10 most impersonated companies in brand phishing e-mail campaigns in 2020, as well as insights into the most imitated industries.

According to the report, with significantly more people across the globe relying on video-conferencing, online shopping and work from home tools during the COVID-19 pandemic, hackers took advantage of these circumstances to ramp up attacks.

Over 12% of all last year’s phishing e-mails used brand impersonation as their main tactic, notes Atlas VPN.

Phishing campaigns imitating Microsoft and Zoom made up nearly 80% of all brand e-mail phishing campaigns in 2020, with the Microsoft brand being used in 28 536 unique phishing attempts, accounting for 70% of all last year’s brand phishing campaigns.

Zoom, meanwhile, was exploited in 3 803 brand phishing campaigns, which constituted 9% of all such attempts, notes the report.

The third spot in the list is occupied by Amazon, which was taken advantage of in 2 747, or nearly 7%, of all phishing campaigns impersonating well-known brands.

Fraudsters favoured brands and industries that people relied on the most during the pandemic, points out Atlas VPN.

Amazon is followed by American national bank Chase Bank. Up next is RingCentral, a cloud-based phone system provider. Other brand names that made it to the top 10 include Internet fax service provider eFax, financial software provider Intuit, American healthcare company CVS, multinational financial services corporation American Express, and streaming platform and production company Netflix.

In terms of industries, the most impersonated are technology (72%), telecommunications (14%) and retail (8.5%), according to Atlas VPN.

“With Microsoft being the most phished brand, it is not surprising the technology sector dominated phishing e-mails last year. Companies in the technology sector, such as Microsoft, Netflix, DocuSign, LinkedIn, Apple, Dropbox and ADP, were used in close to 72% of all phishing campaigns that imitated existing brands,” notes the report.

Telecoms industry firms, such as Zoom, RingCentral, eFax and AT&T, were taken advantage of in 14% of such phishing attempts in 2020, while retail player names were utilised in 8.5%.

“Finance was another sector favoured by phishers. It was exploited in approximately 6% of all brand phishing attempts in 2020,” states the report.

See also