The constant struggle of detecting, blocking, and minimizing the risks of phishing attacks is undeniably one of the toughest challenges faced by any security team. Phishing refers to the act of attempting to obtain sensitive information such as usernames, passwords, credit card numbers, bank and cryptocurrency account details, or other vital data to utilize or sell it illegally. In today’s digital landscape, phishing is the swiftest growing form of internet crime and poses a threat to both individuals and organizations, necessitating the use of anti-phishing tools.
The primary obstacle in preventing phishing attacks is the massive volume of fraudulent emails and websites, which makes it challenging to differentiate between genuine and fake ones. Even with increased user awareness, it can be difficult to spot the subtle tactics used by attackers to create convincing phishing emails and websites.
Recently, Cloudflare released a worldwide report detailing the Top 50 Brands that are targeted in phishing attacks. The table below showcases the list of the top 15 brands, as well as one of the commonly used domains utilized to phish those brands.
Alphabet, Instagram, Facebook, Microsoft, WhatsApp, American Express Company, Office 365, HSBC, Netflix, FedEx, and Coinbase are some of the other popular companies on the list.
According to Cloudflare’s findings, the finance, technology, and telecom sectors were the industries most frequently impersonated by phishers. This is mainly due to the high level of access and potential financial gain that attackers can obtain by targeting bank accounts, social media and email accounts, and phone companies. Technology and telecom firms pose a distinctive threat since phishing attacks can intercept the emails and text messages used for two-factor authentication to confirm a user’s identity. This can result in other accounts becoming compromised as well.
New anti-phishing protections
Cloudflare has also unveiled new features that enable customers to access the most complete and powerful phishing protection. By leveraging the advanced zero trust email security tools recently introduced by Cloudflare Area1, users can now quickly and automatically detect and prevent the use of “confusable” domains that could compromise their corporate networks.
This service aids in thwarting phishing attacks by establishing zero trust rules that restrict employees from accessing or browsing these fraudulent, lookalike, or confusing domains.
It also opened beta access to its brand and anti-phishing tools directly from its Security Center dashboard, to catch and mitigate phishing campaigns before they happen.