Phishing attacks continue to pose a major threat to organizations across industries. Malicious actors disguise themselves as legitimate messages from trusted brands, attempting to trick users into giving up sensitive information or installing malware.
A perennial questionnaire from Cofense has highlighted phishing campaigns that impersonated trusted brands in the top ten industries they operate in. Microsoft tops the list as the most impersonated brand.
Cofense found that 92.87% of phishing emails analyzed targeted Microsoft users, followed by Adobe and Webmail, accounting for 3.53% and 1.62% respectively.
Be careful with emails from Microsoft
Microsoft spoofing is highly versatile, Cofense warned, with emails mimicking everything from Multi-Factor Authentication (MFA) requests to shared document alerts. The familiarity of Microsoft-related emails makes it easy for attackers to craft convincing phishing attempts.
In the financial and insurance sector, where there is a heavy reliance on document sharing for signatures, Adobe is the second most targeted brand in this sector after Microsoft. DHL and Meta are also common targets.
The manufacturing and mining sectors have Microsoft, Adobe and Webmail at the top of the list. However, it is interesting to note that China Union Pay, a payment service in China, and South African Post Office are among the top five counterfeit brands in this sector.
In the retail sector, Microsoft and Adobe continue to dominate, but due to the logistical nature of the retail industry, DHL comes in third. Canada Post, a major logistics provider, also makes the list, highlighting its focus on phishing campaigns related to the supply chain and delivery.
Even in niche industries like real estate, utilities, and transportation, Microsoft and Adobe are frequently impersonated. Instagram is also a target of impersonation, with attackers often attempting to hijack social media accounts with large followings to spread scams and malware.
Microsoft and Adobe once again top the list in the healthcare sector, but because the industry relies heavily on file sharing, Dropbox and Docusign are often imitated to trick healthcare providers into accessing sensitive patient data.
Phishing emails often imitate legitimate messages from well-known companies, making it easier for attackers to trick users into clicking malicious links or providing sensitive information. It’s crucial to verify the authenticity of unexpected emails from such brands and to watch out for signs of phishing, such as suspicious links, unknown senders, or requests for personal information.