New data has revealed the top 10 brands most used in email phishing scams by frausters.
The data looked at the number of Google searches for well-known brands and scams across the UK, and found the brands most likely to be impersonated were PayPal and Amazon, as well as an increase of up to 150,000 per cent in Royal Mail and DPD scams, in the past year alone.
With more people relying on online technologies, there’s been a unique opportunity for scammers to impersonate brands and target those who have had to rely on email to connect with companies.
Analysts at Dojo, a payments provider under the Paymentsense brand, have revealed the 10 brands most used in phishing email attacks by fraudsters, to scam people across the UK.
The list of brands, based on search data are as follows.
The list reads from left to right: ranking; company name; search volumes; % search increase (12 months):
- PayPal 65,470 +81%
- Amazon 42,120 +7%
- DPD 32,970 +149,083%
- DVLA 17,530 +2,731%
- Apple 14,280 -55%
- Royal Mail 9,870 +1,077%
- Halifax 5,830 +2,041%
- Virgin Media 3,500 -60%
- Gov.uk 1,560 +371%
- Boots 740 +200%
Amazon and DPD highest-ranked delivery services being impersonated
In second place is the online retail store Amazon, with a yearly search volume of 42,120.
There’s been an increase in shoppers turning to Amazon for their daily goods as people have been confined to their homes, so this seems like an obvious choice for scammers.
Securing the last spot in the top three is delivery service DPD, with 32,970 people searching for ‘DPD email scam’.
This delivery service has seen a massive search increase of 149,083 per cent, with many scammers trying to impersonate the company to retrieve the details of unsuspecting customers.
Action Fraud received 5,478 reports of suspicious DPD emails in November 2020, a massive 655 per cent increase compared to the previous month.
During December of 2020, when consumers were mainly purchasing Christmas gifts for their loved ones online, DPD fraud was highly common.
Victims recorded a loss of £103,000 in the first week of the month.
PayPal is impersonated the MOST in phishing email scams
Google search data reveals that PayPal is the most commonly impersonated brand by scammers, with a total of 65,470 people searching for ‘PayPal email scam’ – a whopping 81 per cent increase last year.
PayPal may top the list due to the nature of their service, handling customers’ transactions, so it may seem reasonable to ask for your details.
How to spot a phishing email
Although customers are becoming wiser to phishing emails, scammers are becoming more advanced and their fraudulent emails aren’t always so easy to spot.
Head of Remote Payments at Dojo, Martin Wilson, has rounded up five top tips on spotting a phishing email: “Scammers are getting more creative with their deceit.
“With the rise in ecommerce accelerated by the global pandemic, seasoned fraudsters are seizing the opportunity to exploit the vulnerable and less-tech savvy.
“For the many people adopting new technologies such as online banking and shopping for the first time during COVID-19, these frauds are incredibly convincing and traumatic.
“This rise is being monitored and managed by the UK police’s dedicated team, Action Fraud.
“But in the short-term, there are some ways consumers can protect themselves and minimise their risk of digital fraud.”
Top tips for people receiving fake phishing emails:
1. Check the sender’s email address. Often scammers will use a suspicious email address that includes words that don’t relate to the company they impersonate or lots of numbers.
2. Check for poor spelling and grammar, or mistakes to the company’s name. Although some fraudulent emails are highly sophisticated, many of them can be poorly worded and there are some tell-tale signs they’re not legitimate.
3. Check the formatting of the email. A lot of companies send legitimate emails from a templated third-party system. Your favourite brands will often spend a lot of money making their emails branded and it can be difficult for scammers to replicate these email templates.
So if you see plain-text emails with no branding – or brand logos replicated in low resolution, look back at your inbox to see if this matches the company’s typical communication designs.
4. Don’t rush to action their demands. Often scammers thrive from creating a sense of urgency and panic from the recipient. They will use scare tactics or threatening language to make you rush into doing something.
Whether it’s clicking a suspicious link or providing your personal data, you should take some time to review the email and research it’s legitimacy before taking any actions.
If you’ve already clicked the link, check the URL straight away and do not login anywhere as scammers can capture your details to take over your account.
5. Never send sensitive data via emails, or online links from emails or SMS. If you do suspect you’ve been sent a phishing email, do not click on it and try not to open the email at all – especially if you’re using your work email. Scammers often leave malicious links within the email that once clicked allow them to enter your computer’s system.
If you accidentally click on one of these emails you should change your passwords immediately and check your bank accounts regularly to make sure no money has disappeared. If this happens you should alert your bank immediately and they will guide you on further action.
If you’re concerned about your work email account or laptop, you should contact your information security team straight away and flag your concerns. It’s always better to be cautious and vigilant when dealing with online security.
6. Contact the company implicated. Whether you’re unsure, or you’re totally convinced that you’ve received a scam email pretending to be a company, reach out to that company to inform them and see further information. They will be able to let you know within an instant if the communication you received was legitimate.
And often large brands will have dedicated teams investigating frauds affecting their customer base and damaging their brand reputation, so they will undoubtedly appreciate any information you can provide that can stop these fraudulent activities going forward.
For more information and advice on online fraud, visit the Action Fraud official website