
Exposing the Top Target Brands Scammers Love to Impersonate

September 30, 2024


The battle against online scams rages on, with consumers and businesses alike falling victim to the cunning tactics of cybercriminals. These actors use sophisticated methods to steal sensitive data, often through the deceptive practice of phishing, where they impersonate trusted brands to lure unsuspecting victims into divulging confidential information. 

The Federal Trade Commission's newly released data spotlight for 2023 shows the staggering scope of this issue and how prevalent brand impersonation scams have become. Consumers submitted about 52,000 reports about scammers impersonating Best Buy or its Geek Squad tech support brand, followed by about 34,000 reports of Amazon impersonation scams. PayPal, another frequent target, saw 10,000 impersonation reports. However, when it comes to financial losses, the data takes a darker turn: consumers reported losing $60 million to scammers impersonating Microsoft and $49 million to scammers impersonating Publishers Clearing House.

Tech Giant Victims 

Tech companies, unsurprisingly, dominate the list of impersonated brands, with scammers continuously targeting companies that are deeply embedded in consumers' daily digital lives. Microsoft, in particular, emerged as one of the most damaging brands to be impersonated, with $60 million in reported losses tied to these scams. Phishing emails often masquerade as official Microsoft notifications, luring recipients with subject lines like “Outlook Info Replacement” or “Message Failure Delivery Notice” and directing them to fake websites that ask for login credentials. 

In fact, one of TCI's own employees recently fell victim to a Microsoft impersonation scam. After clicking on what she thought was a legitimate catering website, she was met with alarming messages warning that the site had been compromised. Urgent instructions to contact "Microsoft Support" flashed on her screen, along with a phone number. Unfortunately, this was all part of a sophisticated phishing scam. The website had been hacked, and the urgent messages were designed to trick her into giving sensitive information to the scammers. Below is a picture of what this could look like.  

Best Buy's Geek Squad and Amazon were also heavily targeted in 2023. Both brands saw tens of thousands of scam reports, as cybercriminals capitalized on their reputation and trustworthiness to trick users into compromising their personal and financial information. While these brands were frequent targets, the reported financial losses paled in comparison to those from scams impersonating Microsoft or Publishers Clearing House.

The Escalating Financial Toll 

As cyber threats grow more common, the financial toll increases exponentially. According to the FBI, online scam losses surged by 22% in 2023, reaching over $12.5 billion in the U.S. alone. Phishing scams accounted for the majority of these crimes, with many users falling victim to scams that exploit trusted brand identities. 

While the frequency of these scams is alarming, the financial losses tied to impersonations of Microsoft and Publishers Clearing House demonstrate just how damaging these tactics can be. Beyond the staggering $60 million lost to Microsoft scams, another $49 million was stolen through fake Publishers Clearing House notifications. These scams often prey on users' excitement about potential winnings, tricking them into providing sensitive financial details under the guise of prize claims. 

What to Do If You Click a Bad Link 

If you’ve clicked on a suspicious link and fear that your information may be compromised, don’t panic. Taking the following steps immediately can help minimize potential damage: 

  1. Disconnect from the Internet: Temporarily disable your connection to prevent malware from spreading or communicating with external servers.

  2. Scan Your Device for Malware: Run a full scan using trusted antivirus software to detect and remove any potential threats.

  3. Change Your Passwords: If you’ve entered login credentials, immediately change your passwords for all affected accounts, especially those linked to financial or personal data. Use strong, unique passwords for each account.

  4. Enable Two-Factor Authentication (2FA): Add an extra layer of security by enabling 2FA on your accounts, which will make it harder for scammers to gain access even if they have your login information.

  5. Monitor Financial Accounts: Keep a close eye on your bank accounts, credit cards, and online payment services (such as PayPal) for any unauthorized transactions.

  6. Report the Incident to IT Professionals: Contact your company's IT team or a Managed IT Support provider, such as TCI, to assess any potential damage and secure your systems. Reporting early helps minimize the risk and spread of any potential malware or breaches.

  7. Report the Incident to Authorities: Notify the impersonated company and report the phishing attempt to authorities like the Anti-Phishing Working Group (APWG) or the Internet Crime Complaint Center (IC3).

  8. Clear Your Cache and Cookies: Sometimes, malicious websites store information in your browser. Clear your cache and cookies to remove any traces.

Empowering Vigilance: How to Detect and Avoid Online Scams 

Amidst the pervasive threat of online scams, equipping oneself with the knowledge and tools to detect and avoid fraudulent attempts is essential. By remaining vigilant and adopting proactive measures, individuals can safeguard their personal information and financial assets from cybercriminals. Here are key strategies for identifying and thwarting phishing scams: 

  1. Verify Sender Identity: Scrutinize the sender's email address for discrepancies. Legitimate companies use official domain names, while scammers may use misspellings or irregularities.

  2. Exercise Caution with Links and Attachments: Avoid clicking on links or downloading attachments from unknown sources. Preview URLs before clicking to detect potential malicious websites.

  3. Inspect Message Content: Phishing emails often convey urgency or alarm to prompt quick action. If the message seems suspicious, verify its authenticity by contacting the sender directly.

  4. Validate Website Authenticity: Always ensure a website's legitimacy before entering personal details. Look for security indicators like SSL encryption (https://) and padlock icons in the address bar.

  5. Stay Informed and Educated: Keep up with emerging phishing trends and cybersecurity best practices. Being informed empowers users to recognize red flags and avoid scams.

  6. Utilize Security Software: Use antivirus software, firewalls, and spam filters to help block phishing attempts and detect suspicious activities.

  7. Report Suspicious Activity: Report phishing attempts to companies or authorities like the Anti-Phishing Working Group (APWG) or the Internet Crime Complaint Center (IC3).
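The sender and link checks in items 1 and 2 can be automated in a mail filter or triage script. The sketch below is an added example, not TCI's code: it compares the domain in a From header or URL against an allowlist for the brands named in this article and flags misspelled lookalikes and brand names used on unrelated domains. The allowlist, the verdict labels and the sample addresses are assumptions constructed for illustration.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumed allowlist for brands named in the article; constructed for illustration.
OFFICIAL = {
    "microsoft": {"microsoft.com"},
    "amazon": {"amazon.com"},
    "paypal": {"paypal.com"},
    "best buy": {"bestbuy.com"},
    "geek squad": {"geeksquad.com", "bestbuy.com"},
}
SWAPS = str.maketrans("0135", "oles")  # digit-for-letter swaps: 0->o 1->l 3->e 5->s

def registrable(host):
    """Last two labels of a host (simplified; ignores suffixes such as .co.uk)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(host, text=""):
    """Compare a host with the allowlist; `text` is the display name or link text."""
    dom = registrable(host)
    if any(dom in doms for doms in OFFICIAL.values()):
        return "official"
    norm = dom.translate(SWAPS).replace("rn", "m")  # undo common look-alike tricks
    for good in sorted(set().union(*OFFICIAL.values())):
        if edit_distance(norm, good) <= 1:
            return f"lookalike:{good}"
    if any(b in text.lower() or b.replace(" ", "") in host.lower() for b in OFFICIAL):
        return "brand-mismatch"  # names a brand but does not use its domain
    return "unrelated"

def check_sender(from_header):
    name, addr = parseaddr(from_header)
    return classify(addr.rpartition("@")[2], name)

def check_link(url, link_text=""):
    return classify(urlsplit(url).hostname or "", link_text)

if __name__ == "__main__":  # constructed sample header
    print(check_sender("PayPal <service@paypa1.com>"))
```

The verdict depends only on the host name, so a lookalike served over https:// is still flagged.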

How TCI Can Help You Stay Protected 

As cybercriminals continue to hone their tactics, vigilance is the first line of defense. By staying informed about the brands most commonly impersonated and taking proactive steps to secure personal data, users can reduce the risk of falling prey to scams. With the right knowledge and tools, individuals and businesses can navigate the digital world more safely. 

At TCI, we understand the challenges businesses face in staying secure in today's ever-evolving cyber landscape. Our comprehensive IT and Cybersecurity solutions are designed to protect your business from phishing scams, data breaches, and other malicious threats. Whether it's Managed IT Support, proactive cybersecurity measures, or real-time threat monitoring, we're here to keep your business safe and secure. 

Don't wait until it's too late—let TCI help safeguard your business from online threats. Visit TCI Managed IT Support Company today to learn more about how we can fortify your defenses and give you peace of mind in a digital world full of risks. Stay protected, stay secure. 
