Blog
USPS jumps to first place as most imitated brand in phishing attacks | Q1

USPS jumps to first place as most imitated brand in phishing attacks | Q1

Reviewed by
The latest Brand Phishing Report from Guardio for Q1 2024 exposes USPS and Microsoft as the most imitated brands in phishing attacks, with Meta not far behind. The findings stress an uptick in sophisticated scams, notably leveraging deepfake AI to craft convincing celebrity-endorsed frauds.
Table of Contents
The latest Brand Phishing Report from Guardio for Q1 2024 exposes USPS and Microsoft as the most imitated brands in phishing attacks, with Meta not far behind. The findings stress an uptick in sophisticated scams, notably leveraging deepfake AI to craft convincing celebrity-endorsed frauds.

Key Takeaways

Guardio’s Brand Phishing Report for Q1 2024 reveals that USPS is the prime target for phishing impersonations, climbing from 12th place two quarters ago to first place. The report also highlights the concerning rise of deepfake scams, showing how scammers manipulate media.

TL;DR

According to Guardio’s analysis covering January through March 2024, USPS was impersonated in 11.6% of all phishing attempts, marking a significant pivot towards brands associated with daily communications and online transactions. The USPS brand's leap from 12th to first in brand misuse within just two quarters underscores a distressing rise in its exploitation by scammers to deceive individuals. Microsoft, Meta (formerly Facebook), and Steam were among the top impersonated brands, indicating a continued threat to users across technology, gaming, and social media sectors.

The report details the percentage of impersonations for the top ten brands, including:

  1. USPS (11.6%)
  2. Microsoft (9.3%)
  3. Meta (6.3%)
  4. Steam (3.2%)
  5. Telegram (2.9%)
  6. AT&T (2.7%)
  7. Charles Schwab (2.6%)
  8. Uniswap  (2.3%)
  9. DHL (2.3%)
  10. OneDrive (2.0%)

The early months of 2024 have shown that cybercriminals are diversifying their methods, extending beyond the traditional focus on technology and retail sectors in previous years. For instance, the cloud-based instant messaging service Telegram and the telecommunications giant AT&T were among the top brands phishers attempted to mimic, with respective impersonation percentages of 2.9% and 2.7%. AT&T recently announced a massive breach of customers' data, affecting over 70 million people. The breach will make it even easier for scammers to pose as AT&T customers and perform phishing scams.

The alarming surge in phishing scams using the USPS brand

The exploitation of the United States Postal Service (USPS) brand for phishing scams has seen a dramatic rise, climbing from 12th place two quarters ago to first place in brand abuse in the first quarter of 2024.

Chart depicting USPS rise as leading phishing brand

The spike in USPS phishing scams is likely due to more people turning to delivery services for their online purchases, making it an attractive target for scams. Similarly, scammers also mimic trusted brands like Meta and Microsoft to take advantage of people's trust in these companies.

A closer look at phishing tactics

USPS 11.6%: Scammers send emails or texts posing as USPS, claiming an issue with package delivery and requesting personal information to resolve it. These scams include a link to a fake website designed to steal login credentials or to a bogus tracking site.

USPS phishing text

Microsoft 9.3%: In most phishing email attempts, cybercriminals pose as Microsoft support, alleging an issue with the user's account or software. Unsuspecting individuals are lured into clicking a link that either installs malware or redirects them to a phishing webpage.

Microsoft fake sign in popup

Meta 6.3%: Fake Meta emails urge users to click a link to "verify" their accounts in a claim that their account has been restricted. This link directs to a phishing site miming Meta's login page, aiming to capture usernames and passwords.

Fake Meta login page

Steam 3.2%: Scammers target gamers with emails, texts, or in-platform messages, pretending there's an issue with their Steam account or payment for a game. These messages often include links to fake websites resembling Steam's login page, where victims unknowingly enter their payment details.

Fake Steam login page

The Rise of deepfakes in Q1: A new frontier in cyber deception

The escalation of deepfake technology in scams, leveraging celebrities' faces and voices, represents a concerning advancement in manipulated media, blurring the lines between reality and deception in the digital age.

Deepfake cookware scam: Using advanced AI, scammers create realistic deepfake videos of celebrities endorsing luxury cookware, directing consumers to scam websites for non-existent products that end up getting hold of sensitive information.

Beauty product deepfake frauds: Similarly, the beauty industry is not immune, with deepfake renditions of Jennifer Aniston and Jennifer Lopez promoting Ulta Beauty products. These scams leverage the lifelike appearance of celebrity endorsements to funnel consumers toward scam websites.

Fake Ulta ads

Summary:

With the convenience of having everything delivered to your doorstep with just one click, and as our lives become more digital, the risk of identity theft and financial loss is rising. Scammers quickly adapt to every new trend and exploit the rising popularity of online shopping and trust in well-known brands, as shown by the increasing imitations of USPS, Meta, and other known brands.

This situation is becoming even more challenging due to the advancement of AI, which we are just starting to encounter. Deepfake scams are only a beginning, as the vast advancements of AI will undoubtedly result in new forms of phishing. According to the FTC, with over $10 billion lost to fraud in 2023, it's a clear signal of how critical it is for us to stay vigilant and protect our online presence, especially as technology advances and scammers evolve along with it.

CMS-based CTA:
Add Guardio to BrowserTake Security Quiz
Default CTA:
Smart protection, built for how you live online
Stay ahead of threats with real-time insights and proactive protection.
Add Guardio to BrowserTake Security Quiz
CMS-based "Did you know?" block
Did you know?
Default "Did you know?" block
Did you know?

Make sure you have a personal safety plan in place. If you believe someone is stalking you online and may be putting you at risk of harm, don’t remove suspicious apps or confront the stalker without a plan. The Coalition Against Stalkerware provides a list of resources for anyone dealing with online stalking, monitoring, and harassment.

Guardio Security Team
Guardio’s Security Team researches and exposes cyber threats, keeping millions of users safe online. Their findings have been featured by Fox News, The Washington Post, Bleeping Computer, and The Hacker News, making the web safer — one threat at a time.
Tips from the expert

Related articles

FAQs

No items found.
Table of Contents
Can You Spot a Scam Text Message?
Test your skills and learn how to protect yourself from online scams.
Take the quiz now
Can You Spot a Scam Text Message?
Test your skills and learn how to protect yourself from online scams.
Take the quiz now