Google, Facebook, and Amazon Most Targeted Brands For Phishing Attacks

Google, Facebook, and Amazon are the most frequently targeted brands when it comes to phishing attacks, according to Kaspersky’s recent research among 25 popular global companies. Cybercriminals also heavily pursue the credentials and data of other brands, with the number of attacks increasing nearly 1.5 times year-on-year.

Kaspersky analyzed a sample of 25 names from the Best Global Brands 2023 rating by Interbrand for phishing exploitation. In the first half of 2024, people around the world tried to access fake resources impersonating these brands nearly 26 million times, nearly 40 percent more frequently than in January-June 2023. Kaspersky experts attribute this sharp rise to an increase in fraudulent activity rather than a decline in user vigilance: cybercriminals are becoming more aggressive in their pursuit of users’ data and money.

Among the brands studied, cybercriminals primarily targeted Google services in their attempts to steal credentials, such as usernames and passwords. Kaspersky solutions blocked over 4 million attempts worldwide to access phishing websites designed to trick users into providing their Google account information. Following Google, there were around 3.7 million attempts on Facebook users, while Amazon ranked third with approximately 3 million. Microsoft and DHL rounded out the top five with 2.8 million and 2.6 million attempts, respectively. PayPal, Mastercard, Apple, Netflix, and Instagram turned out to be among the top 10 brands targeted by cybercriminals for credentials and money in 2024.

Some brands turned out to be increasingly targeted in phishing attack attempts compared to last year. Phishing for Google has more than tripled, demonstrating 243 percent growth in the first half of 2024 compared to last year. Mastercard has seen a 210 percent rise in attempts to steal sensitive data and money, followed by Facebook and Netflix, both of which experienced a doubling of attack attempts.

“This year has seen a significant increase in phishing attempts targeting Google. If a phisher gains access to a Gmail account, they can potentially access multiple services, making it a prime target. Phishing for Mastercard, typically aimed at stealing money, has likely risen alongside the proliferation of fake online shops pretending to sell goods and offering checkout options with allegedly Mastercard,” says Olga Svistunova, a security expert at Kaspersky. “Interestingly, Microsoft experienced a decline in clicks on phishing resources. Since this brand is frequently targeted for corporate credentials phishing, the decrease may be attributed to improved cyber literacy in various organizations. DHL has also seen a decline, which is a common trend among several transport and logistics brands we analyzed.”

Other brands that didn’t make it into the top 10, but have become increasingly targeted include HSBC, which experienced an eight-fold rise to 240,000 phishing attempts in 2024, and eBay, which saw a three-fold increase to more than 300,000 attacks. Airbnb, American Express, and LinkedIn recorded increases of 174%, 137%, and 122% in attempts, respectively.