Cybercriminals have been doubling down on phishing scams, posing as major brands such as Microsoft and LinkedIn, to steal user login credentials and other personal information, according to a report from threat intelligence firm Palo Alto Unit 42.
The cybersecurity firm found that COVID-19 vaccine-related phishing attacks increased by 530 percent from December 2020 to February, and phishing attacks relating to and/or targeting pharmacies and hospitals rose by 189 percent during that same timeframe, according to the March 24 report.
For its analysis, Palo Alto Unit 42 examined a set of all phishing URLs detected globally between January 2020 and February, pulling sets of specific keywords or phrases that served as indicators for each COVID-19-related topic, such as personal protective equipment, testing kits, treatments and vaccines.
The attackers create fake websites that mimic the company's authentic login page so that when users input their information, the data is sent to the attacker. The user then is redirected to the true company webpage.
Here are the 20 most popular brands targeted during the pandemic, listed in order of most attempted attacks.
1. Microsoft
2. Yahoo
3. Webmail
4. Outlook
5. PayPal
6. Google Accounts
7. LinkedIn
8. Facebook
9. USAA
10. DHL
11. WeTransfer
12. SFExpress
13. Chase
14. OneDrive
15. Wells Fargo
16. Netflix
17. Excel
18. AOL
19. Apple ID
20. Square