Google, Facebook ,Amazon under siege as cybercriminals escalate phishing attacks

Joy Agwunobi

The digital security sector is being reshaped by an alarming rise in phishing attacks that specifically target some of the world’s most trusted technology companies, according to a report by Kaspersky, a multinational cybersecurity and anti-virus provider.

Kaspersky’s recent analysis exposed a significant surge in these attacks, with prominent brands such as Google, Facebook, and Amazon becoming prime targets for cybercriminals, with the volume of phishing attempts seen to have increased significantly compared to the previous year

Kaspersky’s report analysed phishing tactics across 25 major global brands listed in Interbrand’s Best Global Brands 2023.The study found that  in the first half of 2024 alone, there were nearly 26 million attempts worldwide to access counterfeit websites impersonating  these brands with nearly  40 percent  increase from the same period in 2023.

The report identified Google, Facebook, and Amazon as the most frequent targets of these phishing attempts. The data showed  a marked escalation in attempts to steal credentials and sensitive data from these tech giants, with the frequency of attacks rising significantly year-on-year.

Kaspersky attributes the sharp rise in phishing attacks to an increase  in fraudulent activities rather than a drop in user awareness. According to the  findings, cybercriminals are becoming more aggressive in targeting user data and financial information, where even the most well-known brands are now vulnerable to increasingly sophisticated attacks.

The study found that cybercriminals increasingly focused on Google services in their attempts to steal user credentials like usernames and passwords. The company blocked over 4 million phishing attempts targeting Google globally, as scammers tried to trick users into revealing their account information.

According to the report, Facebook was also a major target, with approximately 3.7 million phishing attempts, while Amazon came in third with around three million attempts. Microsoft and DHL completed the top five, with 2.8 million and 2.6 million attempts respectively. 

PayPal, Mastercard, Apple, Netflix, and Instagram were also among the top ten brands targeted for sensitive data and financial information in 2024.

Notably, some brands saw dramatic increases in phishing attempts. Google experienced a 243 percent  rise in phishing activities in the first half of 2024 compared to the previous year. Mastercard faced a 210 percent  increase in attempts to steal data and money, and both Facebook and Netflix saw their phishing attempts double.

However, Microsoft saw a decline in phishing activity, which Kaspersky attributed to enhanced cyber literacy within organisations that used Microsoft services. Similarly, DHL experienced a reduction in phishing attempts, a trend also observed among several transport and logistics brands.

In contrast, other companies faced a significant rise in phishing attacks. HSBC experienced an eightfold increase, reaching 240,000 phishing attempts in 2024. eBay saw a threefold rise, with over 300,000 attacks. Brands such as Airbnb, American Express, and LinkedIn reported substantial increases, with phishing attempts rising by 174 percent , 137 percent, and 122 percent, respectively.

Olga Svistunova, a security expert at Kaspersky, observed that there has been a notable increase in phishing attempts targeting Google this year. She explained that if a phisher gains access to a Gmail account, they could potentially exploit multiple linked services, making it a prime target.

Svistunova also pointed out that the rise in phishing attacks targeting Mastercard is likely associated with the growth of fraudulent online shops that falsely claim to accept Mastercard for payment.

As cybercriminals continue to evolve and adapt their tactics, Kaspersky recommends that brands take proactive measures to manage and mitigate these risks, including regular monitoring of their online presence, educating customers about authorised channels, and reporting phishing attempts to authorities. 

Kaspersky suggested that for sectors like finance, additional precautions are necessary. This includes outsourcing online monitoring to cybersecurity providers and utilising dedicated takedown tools. Brands were also advised to inform clients about increased risks and encourage them to stay vigilant against suspicious emails and messages.