Cloudflare has released a list of the top 50 brands that phishing URLs impersonate in an effort to make employees more aware of which types of emails in their inbox they should be most skeptical. The top five brands include AT&T Inc., Paypal, Microsoft, DHL, and Facebook. It is a common tactic for threat actors to impersonal these brands through the use of misspelled URLs or spoofing their website design, hoping to gain trust through any lapses in attention. Additionally, threat actors tend to favor technology and communications companies because they are the ones used for two-factor authentication prompts. Actors often send messages that include URLs from those organizations to try and trick users to click on a link taking them to a landing page that impersonates a recognized sign-in page. Members are encouraged to include popular impersonated brands in awareness refreshers and reminders. Read more at Help Net Security.
H2Oex: In Person 1 day event/exercise. Thurs Dec 5th. Washington DC. Join us!