Cloudflare Uses the Power of its Global Network to Identify the Top 50 Most Impersonated Brands and Protect Zero Trust Customers From Phishing Scams

March 13, 2023
  • AT&T, PayPal, and Microsoft top the list of most impersonated brands in phishing attempts
  • Most targeted industries include Finance, Technology, and Telecom for phishing scammers
  • New anti-phishing protections in Cloudflare One block the tricks phishers use to confuse end-users

Cloudflare, Inc. (NYSE: NET), the security, performance, and reliability company helping to build a better Internet, today published a global report on the Top 50 Brands Used in Phishing Attacks. Nearly 20% of all websites are protected by Cloudflare's global network and its email security offering stopped 2.3 billion unwanted emails from hitting inboxes in 2022. As a result, Cloudflare’s machine learning and data analysis give it unique insight into the phishing domains most frequently clicked on by Internet users and the ability to proactively protect its Zero Trust customers.

“Phishing” refers to an attempt to steal sensitive information like usernames, passwords, credit card numbers, bank and crypto account information, or other important data in order to utilize or sell the stolen information. Today, phishing is the fastest growing Internet crime, and a threat to both consumers and businesses. By masquerading as a reputable source – sometimes with an enticing request, other times with a severe consequence – an attacker lures in the victim in order to trick them, similarly to how a fisherman uses bait to catch a fish. Oftentimes, these attempts come in the form of an email, text message, or mistyped website URL that looks like it’s from a well-known brand, but is actually from a malicious party.

“Phishing attacks prey on our trust in the brands we love and use every day, and are becoming more difficult to spot for even the most digitally-savvy person. Our sanity, bank accounts, and passwords shouldn't be compromised because we glossed over a misspelled 'from' field or accidentally clicked on an obscure URL,” said Matthew Prince, co-founder and CEO, Cloudflare. “We've extended our Zero Trust services with real-time protection against new phishing sites, so our customers won't fall victim to attacks leveraging the brands they trust.”

Most Impersonated Brand of 2022: AT&T Inc.

The top 50 brands most commonly impersonated by phishing URLs are:

1. AT&T Inc.
2. PayPal
3. Microsoft
4. DHL
5. Facebook (Meta)
6. Internal Revenue Service
7. Oath Holdings/Verizon
8. Mitsubishi UFJ NICOS Co., Ltd.
9. Adobe
10. Amazon
11. Apple
12. Wells Fargo & Company
13. eBay, Inc.
14. Swiss Post
15. Naver
16. Instagram (Meta)
17. WhatsApp (Meta)
18. Rakuten
19. East Japan Railway Company
20. American Express Company
21. KDDI
22. Office365 (Microsoft)
23. Chase Bank
24. AEON
25. Singtel Optus Pty Limited
26. Coinbase Global, Inc.
27. Banco Bradesco S.A.
28. Caixa Econômica Federal
29. JCB Co., Ltd.
30. ING Group
31. HSBC Holdings plc
32. Netflix Inc
33. Sumitomo Mitsui Banking Corporation
34. Nubank
35. Bank Millennium SA
36. National Police Agency Japan
37. Allegro
38. InPost
39. Correos
40. FedEx
41. LinkedIn (Microsoft)
42. United States Postal Service
43. Alphabet
44. The Bank of America Corporation
45. Deutscher Paketdienst
46. Banco Itaú Unibanco S.A.
47. Steam
48. Swisscom AG
49. LexisNexis
50. Orange S.A.

Cloudflare found that finance, technology, and telecom were the most commonly impersonated industries, notably because of the unprecedented access and financial benefit that bank accounts, email and social media, and phone companies can give attackers. Technology and telecom companies are a unique threat because phishing attacks can intercept the emails and text messages that are used to verify a user’s identity via two-factor authentication. Therefore, these phishing attempts can lead to other accounts being compromised as well.

The top 50 brands we found, along with the most commonly used domain for phishing those brands, can be found on Cloudflare’s blog.

New Anti-Phishing Protections with Cloudflare One

Today, Cloudflare also announced new capabilities to provide customers the most comprehensive and effective phishing protection available. Building on Cloudflare Area 1’s recent launch of advanced Zero Trust email security tools, customers can now automatically and immediately identify and block “confusable” domains to better protect their corporate networks. This offering can help protect against phishing attacks similar to the one that threatened Cloudflare and 100 other companies last summer, when attackers created the misleading “cloudflare-okta.com” domain just 40 minutes before sending it to employees. Using Cloudflare Gateway, customers can create Zero Trust rules that prevent their employees from resolving or browsing to these “confusable” or lookalike domains.

Report Methodology

To generate the report, Cloudflare used 1.1.1.1 DNS resolver resolution data to find the domains associated with phishing URLs that were most commonly clicked. All domains that are used for shared services (like hosting sites Google, Amazon, and GoDaddy) that could not be verified as a phishing attempt were removed from the data set.

About Cloudflare

Cloudflare, Inc. (www.cloudflare.com / @cloudflare) is on a mission to help build a better Internet. Cloudflare’s suite of products protect and accelerate any Internet application online without adding hardware, installing software, or changing a line of code. Internet properties powered by Cloudflare have all web traffic routed through its intelligent global network, which gets smarter with every request. As a result, they see significant improvement in performance and a decrease in spam and other attacks. Cloudflare was awarded by Reuters Events for Global Responsible Business in 2020, named to Fast Company's Most Innovative Companies in 2021, and ranked among Newsweek's Top 100 Most Loved Workplaces in 2022.

Forward-Looking Statements

This press release contains forward-looking statements within the meaning of Section 27A of the Securities Act of 1933, as amended, and Section 21E of the Securities Exchange Act of 1934, as amended, which statements involve substantial risks and uncertainties. In some cases, you can identify forward-looking statements because they contain words such as “may,” “will,” “should,” “expect,” “explore,” “plan,” “anticipate,” “could,” “intend,” “target,” “project,” “contemplate,” “believe,” “estimate,” “predict,” “potential,” or “continue,” or the negative of these words, or other similar terms or expressions that concern Cloudflare’s expectations, strategy, plans, or intentions. However, not all forward-looking statements contain these identifying words. Forward-looking statements expressed or implied in this press release include, but are not limited to, statements regarding the capabilities and effectiveness of the Cloudflare One suite of Zero Trust solutions (including Cloudflare Area 1) and Cloudflare’s other products and technology, the benefits to Cloudflare’s customers from using the Cloudflare One suite of Zero Trust solutions (including Cloudflare Area 1) and Cloudflare’s other products and technology, the expected functionality and performance of the Cloudflare One suite of Zero Trust solutions (including Cloudflare Area 1) and Cloudflare’s other products and technology, the timing of when any new Cloudflare One features (including Cloudflare Area 1) will be generally available to all current and potential Cloudflare customers, Cloudflare’s technological development, future operations, growth, initiatives, or strategies, and comments made by Cloudflare’s CEO and others. 
Cloudflare’s actual results could differ materially from those stated or implied in forward-looking statements due to a number of factors, including but not limited to, risks detailed in its filings with the Securities and Exchange Commission (SEC), including Cloudflare’s Annual Report on Form 10-K filed on February 24, 2023, as well as other filings that we may make from time to time with the SEC.

The forward-looking statements made in this press release relate to events as of the date on which the statements are made. Cloudflare undertakes no obligation to update any forward-looking statements made in this press release to reflect events or circumstances after the date of this press release or to reflect new information or the occurrence of unanticipated events, except as required by law. Cloudflare may not actually achieve the plans, intentions, or expectations disclosed in its forward-looking statements, and you should not place undue reliance on Cloudflare’s forward-looking statements.

© 2023 Cloudflare, Inc. All rights reserved. Cloudflare, the Cloudflare logo, and other Cloudflare marks are trademarks and/or registered trademarks of Cloudflare, Inc. in the U.S. and other jurisdictions. All other marks and names referenced herein may be trademarks of their respective owners.

Cloudflare, Inc.
Daniella Vallurupalli
Vice President, Head of Global Communications
press@cloudflare.com

Source: Cloudflare, Inc.