Cloudflare Uses the Power of its Global Network to Identify the Top 50 Most Impersonated Brands and Protect Zero Trust Customers From Phishing Scams

Cloudflare, Inc., the security, performance, and reliable company that helps build a better Internet released a global report on the top 50 brands used in phishing attacks. Nearly 20% of all websites are protected by Cloudflare’s global network, and Cloudflare’s email security service prevented 2.3 billion unwanted emails from reaching inboxes by 2022. As a result, computers Cloudflare data learning and analysis provide Cloudflare with unique insights into the most frequently clicked phishing domains. by Internet users and its ability to proactively protect its Zero Trust customers.

“Phishing” refers to an attempt to steal sensitive information such as usernames, passwords, credit card numbers, bank account information and passwords or other important data in order to use or sell the information. stolen. Today, fraud is the fastest-growing Internet crime and a threat to consumers and businesses. By impersonating a trusted source – sometimes with a tantalizing request, sometimes with dire consequences – an attacker lures victims into fooling them, much like a fisherman using bait to catch fish. Often, these attempts come in the form of an incorrectly entered email, text, or website URL that appears to come from a well-known brand, but is actually a malicious party.

“Phishing attacks prey on our trust in the brands we love and use every day, and are becoming more difficult to spot for even the most digitally-savvy person. Our sanity, bank accounts, and passwords shouldn’t be compromised because we glossed over a misspelled ‘from’ field or accidentally clicked on an obscure URL,”
“We’ve extended our Zero Trust services with real-time protection against new phishing sites, so our customers won’t fall victim to attacks leveraging the brands they trust.”
Matthew Prince, co-founder and CEO, Cloudflare.

Cloudflare found that brands in finance, technology, and telecommunications are the industries most often counterfeited, especially for the unprecedented access to finance and benefits that bank accounts offer. , email, social media and phone companies can offer to attackers. Tech and telecom companies pose a unique threat as phishing attacks can intercept emails and text messages used to verify a user’s identity through two-factor authentication. As a result, these phishing attempts may also compromise other accounts.

New anti-phishing protections with Cloudflare One

Today, Cloudflare also announced new features to provide customers with the most comprehensive and effective anti-phishing protection available. Building on the recent launch of Cloudflare Area1’s enhanced Zero Trust email security tools, customers can now automatically identify and instantly block “confusion” domains to protect their corporate network. they are better. This offer can help protect against phishing attacks similar to the one that threatened Cloudflare and 100 other companies last summer when attackers created the “Cloudflare-okta” phishing domain .com” just 40 minutes before sending it to employees. Using Cloudflare Gateway, customers can create no-trust rules to prevent their employees from resolving or navigating to these or similar domains.

reporting method

To generate the report, Cloudflare used DNS Resolver resolution data to find the domains associated with the phishing URLs that users clicked on most often. Any domains used for shared services (such as Google, Amazon, and GoDaddy hosting sites) that could not be verified as a phishing attempt were removed from the dataset.