Cloudflare, Inc., the security, performance, and reliability company helping to build a better Internet, today published a global report on the Top 50 Brands Used in Phishing Attacks.
The worldwide network of Cloudflare protects nearly 20% of all websites, and its email security service prevented 2.3 billion spam emails from reaching inboxes in 2022. Because of this, Cloudflare can proactively protect its Zero Trust clients by using machine learning and data analysis to gain a unique insight into the phishing domains that Internet users are most likely to click on.
“Phishing” refers to an attempt to steal sensitive information like usernames, passwords, credit card numbers, bank and crypto account information, or other important data to utilize or sell the stolen information.
Phishing has become the Internet’s most rapidly increasing form of crime that poses a danger to both individuals and organizations. Phishing perpetrators impersonate trustworthy sources, enticing their victims with appealing offers or threatening consequences, similar to how fishermen use bait to attract fish. Such schemes often involve emails, text messages, or websites with URLs that seem to belong to reputable brands but are designed by malicious actors.
Matthew Prince, co-founder and CEO, Cloudflare said “Phishing attacks prey on our trust in the brands we love and use every day, and are becoming more difficult to spot for even the most digitally-savvy person. Our sanity, bank accounts, and passwords shouldn’t be compromised because we glossed over a misspelt ‘from’ field or accidentally clicked on an obscure URL.”
Prince added “We’ve extended our Zero Trust services with real-time protection against new phishing sites, so our customers won’t fall victim to attacks leveraging the brands they trust.”
Most Impersonated Brand of 2022: AT&T Inc. The top 50 brands most commonly impersonated by phishing URLs are:
The most frequently impersonated businesses, according to Cloudflare, were those in the financial, technological, and telecommunications sectors. This is largely due to the unprecedented financial advantage and access that bank accounts, email, social media, and phone companies can provide attackers. Technology and telecom companies are a unique danger because phishing attacks can intercept the emails and text messages that are used to validate a user’s identity via two-factor authentication. As a result, other accounts may also become compromised as a result of these phishing efforts.
Cloudflare also announced new capabilities to provide customers with the most comprehensive and effective phishing protection available. Building on Cloudflare Area1’s recent launch of advanced Zero Trust email security tools, customers can now automatically and immediately identify and block “confusable” domains to better protect their corporate networks.
By using Cloudflare Gateway, customers can create zero trust rules that can protect against phishing attacks, like the one that posed a threat to Cloudflare and other companies by using the “cloudflare-okta.com” domain last summer. Attackers created this misleading domain and sent it to employees just 40 minutes after its creation. The offering helps to prevent employees from accessing or resolving “confusable” or lookalike domains.
