PayPal and Mastercard most impersonated in financial phishing schemes in 2021
Payment systems and e-shop brands are primarily targeted by cybercriminals, as such companies deal with a lot of sensitive information. Scammers create emails and websites that impersonate the top brands worldwide in hopes of tricking victims into giving up their financial accounts or credit card information.
According to the data presented by the Atlas VPN team, PayPal and Mastercard were the most used brands in financial phishing schemes in 2021. Furthermore, Apple and Amazon were the most abused e-shop brands for phishing attack campaigns.
The data is based on Kaspersky’s Secure List research analyzing financial cyberthreats in 2021. The report examines the design and distribution of financially themed web pages and emails intended to impersonate well-known legitimate sites and organizations to deceive prospective victims into providing their private information.
In financial phishing attacks, PayPal was the most used payment system brand, making up 37.8% in 2021. Cybercriminals set up a page that looks nearly identical to PayPal’s login page and spread the malicious website through emails. Users that fall for the fake website give up complete control of their PayPal accounts to the attackers.
Mastercard occupies the second spot on the list at 12.2%. Threat actors launch phishing attacks related to Mastercard with the intent to obtain your credit card information. Attackers disguise emails, messages, or websites to look like legitimate ones, and the user would be willing to input his sensitive information.
American Express accounted for 10% of phishing attacks related to payment system brands in 2021. Visa phishing scams were used in 9.4% of attacks. All other payment system brands were responsible for 23.6% of financial phishing schemes.
E-shop brands abused in phishing attacks
Scammers trying to benefit from established e-shop brands usually launch phishing attacks during holiday and discount seasons. During such seasons, customers are more likely to purchase something spontaneously without checking whether the website they are visiting is legit.
Cybercriminals impersonated Apple e-shop the most, as it represented 48.78% of financial phishing attacks in 2021. Scammers create fake invoice emails about a purchase of an Apple product. Then such emails are sent out to users expecting them to click on a link in the email to cancel or manage their ‘purchase.’
One of the largest e-commerce brands, Amazon, was used in 21.48% of financial phishing attacks. As Amazon is recognized worldwide and used by many people, scammers are inclined to abuse this brand for their benefit. People who use Amazon could miss the difference between a real and fake email and fall for hacker tricks.
Cybercriminals impersonated eBay in 5.32% of financial phishing schemes in 2021. At the same time, phishing campaigns related to a Chinese multinational tech company Alibaba accounted for 4.14% of attacks. Finally, other e-shop brands represented 21.27% of financial phishing threats.
To avoid getting tricked by a phishing attack targeting payment systems, users should keep in mind several things. Websites impersonating popular brands will always have suspicious domain links, which can help to recognize whether the page is legit easily. Also, emails from scammers might contain grammatical errors, so keep an eye out for that.