Google, Facebook and Amazon users prime targets for credential theft in 2024

According to a recent Kaspersky survey of 25 popular global companies, Google, Facebook and Amazon are the most frequent targets of phishing attacks. Cybercriminals also heavily target other companies' credentials and data, with the number of attacks increasing by almost 1.5 times year-on-year.

Kaspersky analyzed a sample of 25 names from Interbrand's Best Global Brands 2023 rating for phishing exploitation. In the first half of 2024, people around the world attempted to access fake resources posing as these brands nearly 26 million times, nearly 40% more often than in January-June 2023. Kaspersky experts attribute this sharp increase to a rise in fraudulent activity rather than a decrease in user vigilance: cybercriminals are becoming increasingly aggressive in order to obtain users' data and money.

Among the companies studied, cybercriminals mainly targeted Google services in their attempts to steal credentials such as usernames and passwords. Kaspersky's solutions blocked over 4 million attempts to access phishing sites designed to trick users into providing their account details. After Google, there were around 3.7 million attempts against Facebook users, while Amazon came in third place with around 3 million attempts. Microsoft and DHL rounded out the top five with 2.8 million and 2.6 million attempts, respectively. PayPal, Mastercard, Apple, Netflix and Instagram were among the top 10 companies targeted by cybercriminals for credentials and money in 2024.

Some companies proved to be increasingly targeted in phishing attack attempts compared to last year. Phishing for Google has more than tripled, showing an increase of 243% in the first half of 2024 compared to last year. Mastercard has seen a 210% increase in attempts to steal sensitive data and money, followed by Facebook and Netflix, which have seen a doubling of attack attempts.

Other brands that did not make the top 10 but are increasingly being targeted include HSBC, which saw an eight-fold increase, reaching 240,000 phishing attempts in 2024, and eBay, which saw a three-fold increase with more than 300,000 attacks. Airbnb, American Express and LinkedIn saw increases of 174%, 137% and 122% in attempts, respectively.

How to determine if your company has been targeted by phishers

While well-known companies are prime targets for cybercriminals, smaller and more niche companies are not immune. Fraudsters often target products and services with high demand, seasonal trends or for other reasons. To effectively manage and mitigate these risks:

• Monitor your online presence: regularly look for your brand name in search engines, social media and marketplaces. Consider outsourcing this work to a proven cybersecurity provider to find phishing resources before someone falls victim. For example, Kaspersky offers a dedicated takedown tool.
• Educate and inform your customers: for example, you can list on your official website authorised resources on where to buy your product, point out official contact channels and publicly report any phishing attempts.
• If you work in a financial or other sensitive sector that often attracts cyber criminals, warn your customers of this fact and draw their attention to the increased risk of being defrauded. Ask them to be more careful with the emails and messages they receive.
• If a phisher exploits your brand, collect information about the fraudulent domain or IP address and any available details. Report suspicious or phishing sites to the relevant authorities immediately.
• Ask your customers to report all suspicious activities carried out on behalf of your brand. Ask them to provide screenshots and other evidence so you can learn about suspicious activity in a timely manner.