Top 50 Most Impersonated Brands in Phishing Attacks Worldwide

Cloudflare Reveals the 50 Most Impersonated Brands for Phishing Attempts

Cloudflare, a leader in internet security, performance, and reliability solutions, has published a list of the 50 most impersonated brands used for phishing attempts. The report also analyzes the industries most affected by identity theft.

The 50 Most Impersonated Brands in Phishing Attacks

Phishing is becoming increasingly common, targeting both individuals and businesses. It is currently the fastest-growing form of cybercrime. Cybercriminals attempt to steal sensitive information, such as credit card numbers, by posing as well-known companies. These attempts can be made through email, SMS, or website URLs with spelling similar to the official site.

Phishing attacks exploit our trust in the brands we appreciate and use daily, making them increasingly difficult to detect, even for the most experienced digital users, according to Matthew Prince, co-founder and CEO of Cloudflare.

Here is the complete ranking of the 50 most impersonated brands (based on data from 2022):

  1. AT&T Inc.
  2. PayPal
  3. Microsoft
  4. DHL
  5. Facebook (Meta)
  6. Internal Revenue Service
  7. Verizon
  8. Mitsubishi UFJ NICOS Co., Ltd.
  9. Adobe
  10. Amazon
  11. Apple
  12. Wells Fargo & Company
  13. eBay, Inc.
  14. Swiss Post
  15. Naver
  16. Instagram (Meta)
  17. WhatsApp (Meta)
  18. Rakuten
  19. East Japan Railway Company
  20. American Express Company
  21. KDDI
  22. Office365 (Microsoft)
  23. Chase Bank
  24. AEON
  25. Singtel Optus Pty Limited
  26. Coinbase Global, Inc.
  27. Banco Bradesco S.A.
  28. Caixa Econômica Federal
  29. JCB Co., Ltd.
  30. ING Group
  31. HSBC Holdings plc
  32. Netflix Inc
  33. Sumitomo Mitsui Banking Corporation
  34. Nubank
  35. Bank Millennium SA
  36. National Police Agency Japan
  37. Allegro
  38. InPost
  39. Correos
  40. FedEx
  41. Linkedin (Microsoft)
  42. United States Postal Service
  43. Alphabet
  44. The Bank of America Corporation
  45. Deutscher Paketdienst
  46. Banco Itaú Unibanco S.A.
  47. Steam
  48. Swisscom AG
  49. LexisNexis
  50. Orange S.A.

Methodology: Cloudflare used DNS resolver data to identify the domains associated with phishing URLs that users clicked on most frequently.

Industries Most Impacted by Identity Theft

Finance, technology, and telecommunications are the sectors with the most impersonated brands.

In finance, malicious actors can access “financial benefits that companies operating in the banking, email, social media, and telephone sectors can provide.”

In technology and telecommunications, cybercriminals through phishing attacks can “intercept emails and SMS messages used for verifying a user’s identity via two-factor authentication. As a result, these phishing attempts can also lead to the compromise of other accounts.”

Source: Cloudflare