Study: Amazon, DHL, and DocuSign most imitated brands in phishing emails
According to the data presented by the Atlas VPN team, Amazon topped the list as the most impersonated brand in email phishing attacks in 2021 globally. In total, 17.7% of brand phishing emails used Amazon's brand name.
The trillion-dollar brand is closely followed by the world's leading logistics company DHL and a cloud-based electronic signature technology provider DocuSign, each accounting for 16.5% and 12.7% of the brand phishing campaigns, respectively.
Cybercriminals choose to impersonate big brands to lower the guard of their potential victims. Email phishing attacks lure targets to open links to malicious websites designed to infiltrate malware or steal data.
The numbers are based on's Cyber Threat Report 2021/22, which examines the state of global email threats.
Digital payment service provider PayPal occupies the fourth spot on the list. Last year, the brand's name was used in 5.7% of brand impersonation emails.
Next up is the world's largest professional online network LinkedIn. LinkedIn's name was abused in 3.5% of brand phishing campaigns.
Other brands in the top ten include Microsoft (3%), web hosting company 1&1 (2.5%), British telecommunications services provider O2 (2.3%), the social media giant Facebook (2.2%), and British banking group HSBC (1.8%).
How to recognize brand phishing attacks
There is not much organizations can do to prevent cybercriminals from exploiting their brands. However, email users can protect themselves against phishing attempts by taking the matters into their own hands.
While cybercriminals aim to make emails look like they are coming from an official brand, some tell-tale signs can help recognize phishing attacks.
Spelling and grammatical errors. Large brands have professional copywriters and editors to write and proofread communication materials. Therefore, they rarely send out emails ridden with errors.
Inconsistencies in sender address. Apart from grammatical and spelling errors, one of the giveaways that a brand email is a scam is the sender's address. Oftentimes phishers use a similar-looking email address that varies only slightly in an attempt to look authentic. It is advisable to compare the email address with the previous correspondence with the brand to see if they match.
Suspicious URL. Avoid clicking on URLs if you can. You can verify whether the link leads to a website it claims it does by hovering the pointer over the URL and examining the pop-up. If the email displays an official-looking link, however, the URL that shows up in the pop-up does not match or contain an official domain, it is a huge red flag. Also, it is always advisable to type the web address yourself instead of clicking on a provided URL to avoid falling for malicious links.
Requests to provide sensitive information. Emails asking for sensitive details, such as login credentials, should be regarded with caution. It never hurts to confirm with the official organization before providing any personal information.
Suspicious attachments. While actual brands can send attachments, if you have never asked for one, you probably should not open it. Be especially cautious if the attachment has an unfamiliar extension or one associated with malware, such as .zip, .exe., scr., among many others.
Sense of urgency. Scammers often create a sense of urgency or even make threats to encourage you to act quickly, so you do not take time to examine the message more closely.
The email seems off. If the message in the email sounds too good to be true, for instance, informing you won a lottery or asking to do something that you typically never do via email, such as installing a certain program, it is an indication that the email is most likely malicious. In short, if anything at all seems a bit suspicious, verify if the email truly came from where it claims it does.