Scammers delight in impersonating government agencies and well-known brands to lure email recipients into giving up their personal information. That information is then either exploited directly or sold to the highest bidder on the Dark Web.

Have you ever wondered which agencies, companies or brands are the most imitated by these attackers?

Whether you have or not it should come as no surprise that someone is tracking that.  Security firm Checkpoint is tracking it to be precise.

Quite often Microsoft tops the list but this year they’ve been dethroned by shipping company DHL. That may not be surprising given the realities of the pandemic and the rise in popularity of online shopping.

Here is the list of the top ten for this year from their report:

1. DHL (impersonated in 23 percent of all phishing attacks, globally)
2. Microsoft (20 percent)
3. WhatsApp (11 percent)
4. Google (10 percent)
5. LinkedIn (8 percent)
6. Amazon (4 percent)
7. FedEx (3 percent)
8. Roblox (3 percent)
9. Paypal (2 percent)
10. Apple (2 percent)

The specific lure used in each of these cases varies wildly.  For instance, when a scammer spoofs a shipping company the email is typically some variation of “we’re trying to deliver a package to you but are having problems, press this button for more information.”

While PayPal scams typically go the route of “Your account has been temporarily suspended.  Please click here to verify your information.”

Microsoft and Google are commonly spoofed in various software giveaway schemes. Or in the case of Google some variation of “click here to claim your free Chromebook.”

Now that you are armed with a list of the most often imitated brands you at least have a list of things to be on the lookout for.  The best defense is vigilance just like always.  If it sounds too good to be true it probably is and don’t ever click on embedded links even if you think you know and trust the sender.