Monthly Top Phished Brands Report
At RedMarlin Labs, we monitor various brands that are target of online abuse through attacks like phishing. Our URL scanning technology enables us to not only classify a page as phishing but also to assign a brand to it automatically. This helps us classify URL data at scale and derive interesting patterns from the data with respect to brands. In this blogpost, we summarize the data we have from a 1-month period for most phished brands.
Google continues to be the most targeted brand in phishing. We saw about 20% of unique phishing links that we scanned leading to a Google phishing page. These usually contain variants of the Google single sign on page that users see when they login to any Google service. More details of other brands can be seen in the chart below:
We usually expect Google, Paypal and Microsoft (Outlook/Office) to be the most targeted brands from what we’ve observed over the last few months but in May-June, we saw an uptick in Dropbox related phish. There were several variants of Dropbox phish, sometimes also with other brands like Gmail/Yahoo/Outlook combined in one page.
One interesting thing to note was that we saw a rise in DocuSign related phishing after a breach was reported last month. It was the ninth most phished brand in the data we collected.
When it comes to banking/financial services, PayPal continues to be the most targeted brand. We saw relatively fewer traditional big banks being targeted compared to PayPal. Chase and Bank of America were still the most popular brands targeted by phishers but we also saw newer targets like Santander Bank rising to sixth position in our list of more phished brands. It is also worth mentioning that several banks from Europe and Latin America show up in our data but they are usually low in volume and therefore are not included in the chart above.
If you would like to get deeper insight into how your brand is being targeted by bad actors and how RedMarlin can help you mitigate such abuse, please reach out to us through this contact page.
We’ll be back with more insights on brand abuse in our next monthly report.