Here Are the 10 Brands Cybercriminals Imitate the Most (and How to Spot It)

January 27, 2022


Cybercriminals are all about tricking people into interacting with phishing messages by disguising those messages as something harmless or even desirable. That makes brand fraud or brand impersonation a big deal for businesses. Employees encounter this threat frequently – 25% of all branded emails that companies receive are spoofed or brand impersonation attempts. Brand impersonation isn’t a style of phishing that changes a great deal in substance from scam to scam, but the brands that cybercriminals enjoy impersonating do, and there have been some changes on the leaderboard.




Misrepresentation is a Gateway to Disaster for Businesses


Reliance on email as remote and hybrid work continues, the increasing sophistication of the phishing messages that employees encounter and a dearth of security awareness training because of the pandemic are a powerful combination for trouble, as many businesses discovered in 2021. The Verizon Data Breach Investigations Report 2021 shows the rapid rise of brand impersonation in the last year. Called “Misrepresentation” in the report, brand fraud clocked in 15 times higher in 2021 than it did in 2020.

Cybercriminals try to imitate the brands that people interact with the most every day at work and in their daily lives in order to make their messages enticing. Unfortunately for businesses, they’re doing a bang-up job. Cisco’s 2021 Cybersecurity threat trends report shows that at least one person clicked a phishing link in around 86% of the organizations that they studied. In order to keep that number high, cybercriminals pay attention to which brands are hot and use that information to launch new phishing campaigns. New data about the most imitated brands of 2021 shows the result of that trendspotting by the bad guys, with a few changes in the lineup of imitated brands that reflect the impact of the pandemic and the changing way in which people shop and do business.




10 Brands Cybercriminals Love to Imitate 


The biggest surprise was a shakeup at the top of the list. Traditionally Microsoft holds the top spot. But DHL surpassed them at the end of 2021, accounting for almost a quarter of branded phishing attempts. However, Microsoft didn’t fall too far down the list. Microsoft came in at number two, the brand that cybercriminals mimicked for one-fifth of phishing schemes. Communication juggernaut WhatsApp came in third with Google just on its heels. LinkedIn is still a cybercriminal go-to, but Facebook (now going by Meta) dropped out of the top 10.  

  1. DHL 23%
  2. Microsoft 20%
  3. WhatsApp 11%
  4. Google 10%
  5. LinkedIn 8%
  6. Amazon 4%
  7. Roblox 3%
  8. FedEx 3%
  9. PayPal 2%
  10. Apple 2%

Microsoft dropping to second place doesn’t reduce the danger of Microsoft-branded phishing for businesses. Approximately 145 million people use Teams/Office 365 every day. That’s a big reason why Microsoft is the perennial champion of brands that are imitated for attachments. Employees handle a lot of Office files. Just under 50% of malicious email attachments arrive in Microsoft Office formats. Microsoft Office formats like Word, PowerPoint and Excel are popular file extensions for cybercriminals to use when transmitting malware via email, accounting for 38% of phishing attacks. The next most popular delivery method: archived files such as .zip and .jar, which account for about 37% of malicious transmissions.  




Can Your Employees Spot a Fake?


Caution when handling branded email can help reduce the chance of interacting with a phishing message. There are a few red flags that are tip-offs that a branded email may be spoofed or faked instead of a genuine message from that brand.  

A Strange or Highly Urgent Subject Line  

Subject lines that feature oddities like “Warning”, “Your funds has” or “Message is for a trusted” should set off alarm bells, especially if the subject line demands urgent action.  

Common Subject Lines for Brand Fraud Messages Aimed at Businesses 

  • Reset Password Required  
  • Update Payment Information 
  • Failed Delivery Attempt 
  • Immediate Action Required 
  • Account Security Alert
  • Final Notice 
  • Overdue Invoice 
  • Pending Invoice 
  • Tracking Link Enclosed 
  • Pending Customs Fees 

An Improper or Unprofessional Greeting 

If the greeting seems strange, be suspicious. Is the greeting in a different style than you usually see from this sender? Is it generic when it is usually personalized, or vice versa? Anomalies in the greeting are red flags that a message may not be legitimate.  

A Message Sent from an Unofficial or Unusual Domain  

Check the sender’s domain by looking at the email address of the sender. A message from a major corporation is going to come from that company’s usual, official domain. For example, if a message carrying a security warning says it is from “[email protected]” instead of “[email protected]”, it’s likely phishing.

Odd Word Choices & Grammar  

This is a hallmark test for a phishing message. Check for grammatical errors, usage mistakes, data that doesn’t make sense, variances in the company name or address, strange word choices and problems with capitalization or punctuation. An error-filled message is probably phishing.

Unusual Spelling Mistakes & Emojis 

Even major brands sometimes send out messages with spelling errors. But a message riddled with them isn’t likely to be legitimate. This is a fast way to suss out phishing. While some brands do use emojis in email subject lines, they’re rarely used in the body of a major branded email. View emojis with suspicion.

Variations in Style  

Fraudulent messages may have small variations in style from the usual emails of the company that they’re impersonating. Beware of unusual fonts, colors that are just a little off, logos that are odd or formats that aren’t quite right. These are common indicators of a spoofed message.

Strange Links 

Malicious links are a cybercriminal’s best friend and a common way that malware is distributed. Links that don’t go to the official domain or social media account of the company that supposedly sent the message are dangerous and could be attempts to phish or deploy ransomware.
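The subject line, sender domain and link checks described above can be automated as a first-pass mail triage. The following is an added example, not code from the article or from any product it mentions; the brand allow-list, the function names and both sample messages are constructed for illustration, and it assumes a single-part plain-text message.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: illustrative allow-list, not an authoritative list of each
# brand's sending domains.
BRAND_DOMAINS = {"dhl": {"dhl.com"}, "microsoft": {"microsoft.com"},
                 "paypal": {"paypal.com"}}
# The ten subject lines listed in the article, lower-cased.
URGENT_SUBJECTS = (
    "reset password required", "update payment information",
    "failed delivery attempt", "immediate action required",
    "account security alert", "final notice", "overdue invoice",
    "pending invoice", "tracking link enclosed", "pending customs fees")

def on_domain(host, allowed):
    """True only for an allowed domain or a real subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in allowed)

def red_flags(raw_email):
    """Return the red flags found in a single-part text message."""
    msg = message_from_string(raw_email)
    display, addr = parseaddr(msg.get("From", ""))
    sender_host = addr.rpartition("@")[2]
    subject = msg.get("Subject", "").lower()
    urls = re.findall(r"https?://[^\s\"'<>]+", msg.get_payload())
    flags = []
    if any(s in subject for s in URGENT_SUBJECTS):
        flags.append("urgent-subject")
    for brand, allowed in BRAND_DOMAINS.items():
        if brand not in f"{display} {subject}".lower():
            continue  # message does not claim to be from this brand
        if not on_domain(sender_host, allowed):
            flags.append(f"{brand}:sender-domain")
        if any(not on_domain(urlparse(u).hostname, allowed) for u in urls):
            flags.append(f"{brand}:link-domain")
    return flags

# Constructed sample messages (not real mail).
PHISH = ("From: DHL Express <support@dhl.com.parcel-notice.example>\n"
         "Subject: Failed Delivery Attempt\n\n"
         "Pay the customs fee at http://dhl-parcel.example/pay today.\n")
LEGIT = ("From: DHL Express <noreply@mail.dhl.com>\n"
         "Subject: Your shipment is on its way\n\n"
         "Track it at https://www.dhl.com/track\n")

if __name__ == "__main__":
    print(red_flags(PHISH))
    print(red_flags(LEGIT))
```

The domain comparison matches on the end of the hostname rather than on a substring, so a sender such as dhl.com.parcel-notice.example is flagged even though the brand's domain appears inside it.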

If It’s Too Good to Be True… 

Be cautious about interacting with messages from any celebrity or a company you’ve never done business with, especially if they seem tailor-made for your company. Messages from government agencies should also be handled with care. For example, the US federal government will never ask you for PII, payment card numbers or financial data through an email message.  




Employees Will Fail at Detecting Almost All Sophisticated Phishing Messages 


Employees are frequently relied upon as the last line of defense for companies against phishing. As phishing messages like brand spoofing and fraud grow more sophisticated, they’ve also become much harder for employees to detect, putting their employers in danger. Over 95% of employees cannot spot a sophisticated phishing email. That makes adding an automated email security solution that can tell the difference between a fraudulent message and the real thing a high priority for every organization.  

You need Graphus. Powered by AI and a patented algorithm, automated solutions like Graphus catch 40% more phishing messages than the competition automatically, keeping sophisticated phishing threats like brand impersonation fraud attacks and spoofed messages away from your employees. Put 3 strong layers of protection between phishing messages and your employees.  

TrustGraph is the star of the show, guarding your company’s inboxes against social engineering attacks. Using more than 50 separate data points, TrustGraph analyzes incoming messages to detect trouble before speeding them to their recipients – and it never stops learning, constantly gathering fresh threat intelligence from every analysis it completes.  

EmployeeShield slips into place when a new line of communication comes into your business, adding a bright, noticeable box that warns employees to use caution when handling the message. This empowers every staffer to join your security team by marking a new message safe or quarantining it with one click for administrator inspection. 

Phish911 completes your triple-layered protection by making it easy and painless for employees to report any suspicious message that they receive to an administrator for help. When an employee reports a suspicious message, it is immediately removed from everyone’s inbox to prevent further trouble.

