Retail the most imitated industry in Q3 2023 / Walmart tops the list and Home Depot moves into the top ten.
The report from Check Point Research (CPR) highlights the brands most frequently imitated by cyber criminals to steal personal data or payment information in July, August and September 2023.
Last quarter, U.S.-based multinational retailer Walmart was the most frequently imitated brand, accounting for 39 percent of all phishing attempts, a significant jump from 6th place in the previous quarter. Microsoft ranked second with 14 percent, while multinational financial services company Wells Fargo ranked third with eight percent.
Retail, technology and banking sectors in focus
Of note, Mastercard, the world’s second-largest payment processing company, landed in the top 10 list for the first time. The number of phishing campaigns impersonating Amazon also remained high. These campaigns coincided with the announcement of the Prime Day sale, known as Prime Deal Days, which took place on October 10 and 11.
“Phishing continues to be one of the most common types of attacks. We can see a variety of brands in the retail, technology and banking sectors being impersonated. The increasing use of AI makes it harder – but not impossible – to tell the difference between a genuine email and a fraudulent one,” says Omer Dembinsky of Check Point Software.
Dembinsky recommends, “It’s important to be vigilant when opening or contacting emails from seemingly legitimate companies. Always check the sender’s address as well as the accuracy of the message, and visit the secure website directly to conduct transactions rather than clicking on a link included in the email. On the other hand, if companies learn of a phishing campaign using their name, they should use verified channels to inform customers to warn of potential threats.”
Example 1: Amazon phishing email: Fake order confirmation
A fraudulent email impersonating Amazon is presented as an order confirmation and asks the recipient to click on a link with an order number. Its subject line, “Your Order with Amazon.com”, aims to create urgency, and the email contains a malicious link, it.support.swift-ness[.]com (currently inactive), which is not associated with Amazon. There, the recipient is asked to check the order status or make changes. For credibility, order details are displayed.
Example 2: LinkedIn phishing email: Fraud with fake business messages
In August 2023, a phishing email disguised as a LinkedIn notification was identified. It was sent from the address “giacomini@napa[.]fr” but made to look as if it came from LinkedIn. The subject line read “You have 8 new business messages from ___”, and the email contained a short message informing the recipient of eight new business messages from the same person posing as a sales manager. The fraudulent message is designed to trick the recipient into thinking they have unread messages on the LinkedIn platform and that they need to click on the malicious link online.cornection1[.]store to read them. This in turn leads to a fake Microsoft login page designed to steal the user’s credentials.
Top phishing brands
Here’s a breakdown of the 10 brands ranked by their appearance in phishing events in the third quarter of 2023:
Walmart (39 percent)
Wells Fargo (8)
Home Depot (2)