Completely absent from the top 10 brands for more than two years, Yahoo’s impersonation may indicate that scammers are looking for new attack angles using lesser-used brands.
Yes, of course, Yahoo is anything but insignificant. With revenues topping $8 billion, the search engine giant is still quite relevant today. But in the world of phishing attacks using the impersonation of a major brand, Yahoo was down near 24th place. That is, until last quarter, when – according to CheckPoint’s security analysts determined that Yahoo jumped up 23 places to top the list of Top 10 Impersonated Brands in Q4 of 2022.
Surpassing brands we’ve become accustomed to seeing in the top 5 such as Microsoft, DHL, LinkedIn, Google, and Amazon, Yahoo was previously an impersonation afterthought. But it’s popularity last quarter indicates that there is a resurgence in its’ use as a known and trusted brand that can give scammers just enough credibility to see their phishing attacks succeed.
Offering awards and significant amounts of money, according to CheckPoint, the Yahoo-themed phishing scams sought to trick victims into giving up personal information – including Yahoo credentials.
The use of Yahoo’s brand says a few things about the state of phishing attacks. First, you only need a widely known brand – in essence, any known brand – to launch an impersonation scam. Second, we can only assume the attackers are seeing material success to jump 23 places. Third, with lots of impersonated brands representing those who organizations like your do business with (e.g., DHL, UPS, banks, etc.), users need to be educated through Security Awareness Training that just because you no longer see the impersonation equivalent of the age-old “Nigerian Prince” scam doesn’t mean it can’t pop up in an Inbox today.
