In the second quarter of 2020, Google and Amazon were the brands most imitated by hackers in attempts to steal personal data from innocent web users.
Hackers use social engineering to lure people to cloned versions of a brand's website that may look almost identical to the genuine webpages. Even the URL or domain name may be similar, with only subtle differences, such as a spelling or punctuation mistake, that make it hard to tell a fake site from a real site.
This type of hack is known as brand phishing. Cody Rivers, Chief Technology Officer of AIS, a professional IT company, said, “By imitating the websites of well-known brands, cyber criminals use the victim’s familiarity with and trust in these well-known websites to get users to enter personal information or passwords. This data can then be used to gain access to email accounts and other logins, ultimately causing significant damage to both individuals and businesses.”
Attackers often use phishing messages via email or text messages that look like they are from a respected company. These emails will often encourage you to click on a link, for example by enticing you with a great offer or the promise of a refund that is due to you. These links will then lead to the cloned website, asking for private details or credentials.
Phishing messages can look very real at first glance. They may use the logo of well-known brands. Some of the most well-known brands used by scammers include:
- Federal Government Organizations
How to Spot A Phishing Message
Always look at the sender's email address and not just the sender's name. If the address comes from a common email domain rather than a domain linked to the brand, then it is highly unlikely that the email is official.
If the email includes links, view the URL that the link will direct you to. If the link is offering financial incentives or reactivating an account that has not been deactivated, it is likely to be a phishing message. Similarly, if an email has an attachment for an invoice for an item you have not purchased, be very wary of opening it.
If the email is addressed to a generic “Hello Sir” or does not include personal details, you should be suspicious about whether it has really come from a company that would have details, such as your name, on file.
Remember, if an email is suspicious, do not click the link. Instead, contact the company on your own and ask if the message was genuine. They will quickly verify whether the message came from them and tell you what protocols you can put in place to ensure your account remains secure.
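The three checks above (sender domain, link destination, generic greeting) can be automated as a first-pass filter. The following Python sketch is an added example, not part of the original article; the brand-to-domain map, the list of common email domains, the greeting pattern and the sample message are all constructed assumptions, and it handles single-part plain-text messages only.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed values for illustration: official domains and common mailbox providers.
BRAND_DOMAINS = {"amazon": "amazon.com", "google": "google.com"}
FREEMAIL = {"gmail.com", "outlook.com", "yahoo.com"}
GENERIC_GREETING = re.compile(r"^\s*(hello|dear)\s+(sir|madam|customer|user)\b", re.I | re.M)
URL = re.compile(r"https?://[^\s\"'<>]+", re.I)

# Constructed sample message (not a real phishing email).
SAMPLE = """\
From: "Amazon Support" <refunds.team@gmail.com>
Subject: Your refund is waiting

Hello Sir,

Claim your refund here: http://amazon.com.account-verify.example/login
"""

def belongs_to(host, domain):
    """True only for the domain itself or a genuine subdomain of it."""
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def check_message(raw):
    """Return a list of warnings for one single-part plain-text message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rpartition("@")[2].lower()
    body = "" if msg.is_multipart() else msg.get_payload()
    text = f"{name} {msg.get('Subject', '')}".lower()
    warnings = []
    for brand, domain in BRAND_DOMAINS.items():
        if brand not in text:
            continue  # message does not claim to be from this brand
        if sender_domain in FREEMAIL:
            warnings.append(f"{brand}: sent from free-mail domain {sender_domain}")
        elif not belongs_to(sender_domain, domain):
            warnings.append(f"{brand}: sender domain {sender_domain} is not {domain}")
        for url in URL.findall(body):
            host = urlparse(url).hostname or ""
            if not belongs_to(host, domain):
                warnings.append(f"{brand}: link points to {host}")
    if GENERIC_GREETING.search(body):
        warnings.append("generic greeting")
    return warnings
```

Note that the link in the sample begins with the brand's domain but actually belongs to a different one; comparing the end of the hostname, not its beginning, is what catches it.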
With working from home becoming more common, it is more important than ever that your employees know how to spot a suspicious email when it arrives in their inbox. Encourage them to follow the steps above when reading emails from suspicious senders. An experienced IT provider can provide further tools and knowledge to help you and your employees avoid such scams.