Guardio’s Brand Phishing Report for Q1 2024 reveals that USPS is the prime target for phishing impersonations, climbing from 12th place two quarters ago to first place. The report also highlights the concerning rise of deepfake scams, showing how scammers manipulate media.
TL;DR
According to Guardio’s analysis covering January through March 2024, USPS was impersonated in 11.6% of all phishing attempts, marking a significant pivot towards brands associated with daily communications and online transactions. The USPS brand's leap from 12th to first in brand misuse within just two quarters underscores a distressing rise in its exploitation by scammers to deceive individuals. Microsoft, Meta (formerly Facebook), and Steam were among the top impersonated brands, indicating a continued threat to users across technology, gaming, and social media sectors.
The report details the percentage of impersonations for the top ten brands, including:
-
USPS (11.6%)
-
Microsoft (9.3%)
-
Meta (6.3%)
-
Steam (3.2%)
-
Telegram (2.9%)
-
AT&T (2.7%)
-
Charles Schwab (2.6%)
-
Uniswap (2.3%)
-
DHL (2.3%)
-
OneDrive (2.0%)
The early months of 2024 have shown that cybercriminals are diversifying their methods, extending beyond the traditional focus on technology and retail sectors in previous years. For instance, the cloud-based instant messaging service Telegram and the telecommunications giant AT&T were among the top brands phishers attempted to mimic, with respective impersonation percentages of 2.9% and 2.7%. AT&T recently announced a massive breach of customers' data, affecting over 70 million people. The breach will make it even easier for scammers to pose as AT&T customers and perform phishing scams.
The alarming surge in phishing scams using the USPS brand
The exploitation of the United States Postal Service (USPS) brand for phishing scams has seen a dramatic rise, climbing from 12th place two quarters ago to first place in brand abuse in the first quarter of 2024.
The spike in USPS phishing scams is likely due to more people turning to delivery services for their online purchases, making it an attractive target for scams. Similarly, scammers also mimic trusted brands like Meta and Microsoft to take advantage of people's trust in these companies.
A closer look at phishing tactics
USPS 11.6%: Scammers send emails or texts posing as USPS, claiming an issue with package delivery and requesting personal information to resolve it. These scams include a link to a fake website designed to steal login credentials or to a bogus tracking site.
Microsoft 9.3%: In most phishing email attempts, cybercriminals pose as Microsoft support, alleging an issue with the user's account or software. Unsuspecting individuals are lured into clicking a link that either installs malware or redirects them to a phishing webpage.
Meta 6.3%: Fake Meta emails urge users to click a link to "verify" their accounts in a claim that their account has been restricted. This link directs to a phishing site miming Meta's login page, aiming to capture usernames and passwords.
Steam 3.2%: Scammers target gamers with emails, texts, or in-platform messages, pretending there's an issue with their Steam account or payment for a game. These messages often include links to fake websites resembling Steam's login page, where victims unknowingly enter their payment details.
The Rise of deepfakes in Q1: A new frontier in cyber deception
The escalation of deepfake technology in scams, leveraging celebrities' faces and voices, represents a concerning advancement in manipulated media, blurring the lines between reality and deception in the digital age.
Deepfake cookware scam: Using advanced AI, scammers create realistic deepfake videos of celebrities endorsing luxury cookware, directing consumers to scam websites for non-existent products that end up getting hold of sensitive information.
A scam ad on Facebook, Instagram, and TikTok claims Taylor Swift is collaborating with Le Creuset, offering free cookware sets. This ad takes you to a fake website that aims to steal personal information and asks you to pay a "delivery fee". pic.twitter.com/DGxIK5gZ44
— Guardio (@GuardioSecurity) January 8, 2024
Beauty product deepfake frauds: Similarly, the beauty industry is not immune, with deepfake renditions of Jennifer Aniston and Jennifer Lopez promoting Ulta Beauty products. These scams leverage the lifelike appearance of celebrity endorsements to funnel consumers toward scam websites.
Summary:
With the convenience of having everything delivered to your doorstep with just one click, and as our lives become more digital, the risk of identity theft and financial loss is rising. Scammers quickly adapt to every new trend and exploit the rising popularity of online shopping and trust in well-known brands, as shown by the increasing imitations of USPS, Meta, and other known brands.
This situation is becoming even more challenging due to the advancement of AI, which we are just starting to encounter. Deepfake scams are only a beginning, as the vast advancements of AI will undoubtedly result in new forms of phishing. According to the FTC, with over $10 billion lost to fraud in 2023, it's a clear signal of how critical it is for us to stay vigilant and protect our online presence, especially as technology advances and scammers evolve along with it.
