HomesecurityFBI: Warns of brand phishing targeting high profile clients

FBI: Warns of brand phishing targeting high profile clients

The Federal Bureau of Investigation (FBI) has issued a warning about recently detected e-fishing campaigns targeting customers of "brand companies" in attacks known as "brand phishing».

brand phishing

See also: Phishing email threatens influencers by deleting their TikTok accounts

This warning was issued as a public service announcement through the office's Internet Crime Complaint Center platform, in coordination with the DHS Cyber ​​Security and Infrastructure Security Service (CISA).

Targets are sent to phishing landmarks via a variety of media, including spam email, text messages or web and mobile applications that may falsify the identity or email address of a company's official website.

Intruders incorporate login forms or malware into their phishing pages with the ultimate goal of stealing their victims' user credentials, payment information or various other types of personal information (PII).

In addition to these ongoing phishing attacks, threat carriers are likely to develop tools to trick potential targets into revealing two-factor circumvention (2FA) bypass information.

See also: Phishing campaign used Proofpoint to deceive users

«When cybercriminals gain access to a consumer's email accounts, they may be able to intercept 2FA password emails used to make significant changes to online accounts, update passwords, verify user access, or change security rules and settings before the account holder is up to date and up to date» Reported the federal law enforcement agency.

According to Check Point Brand Phishing Report for the 2nd quarter of 2021, the top five brands appearing in brand phishing attempts are Microsoft (45% of all brand phishing efforts worldwide), DHL (26%), Amazon (11%), Bestbuy (4%) and Google (3%).

The FBI has encouraged private sector partners to remain vigilant and evaluate their internal security policies and provide their consumers with information about account security protocols.

If you are the victim of a brand phishing attack, you should contact your local law enforcement or FBI office and report the incident immediately.


See also: Phishing emails infect victims with MirCop ransomware

Consumers are advised to follow these recommendations to protect themselves from phishing attempts:

  • Be wary of unsolicited email or social media contact from anyone you do not know personally and / or containing messages tempting you to open a link or attachment.
  • When you receive account alerts, instead of clicking on a link in an email or text, choose to browse the site using the secure URL to check for logs, messages, or alerts.
  • Carefully verify the spelling of web addresses, sites, and e-mail addresses that appear to be trusted but may be copyrighted sites.
  • Use strong unique passwords and do not reuse the same password on multiple accounts.
  • Do not save important documents or information in your email account (eg private digital currency keys, social security number documents, or photocopies of your driver's license).
  • Enable 2FA and / or Multi-Factor (MFA) authentication options to help secure online accounts, such as a phone number, software-based authentication software, USB security key, or a separate email account (with a unique password) not associated with other accounts) to receive authentication codes for account logins, password reset, or updates to sensitive account information.
  • When possible, do not use your primary email address for links to Sites. Create a unique username that is not associated with your primary email address.

Absent Mia
Being your self, in a world that constantly tries to change you, is your greatest achievement