Organisations that had their brands used in recent malicious campaigns include eBay, PayPal, Visa, and American Express, said Sophos.
“Protecting your brand against abuse by phishers is, sadly, as good as impossible, especially if your brand is well-known and widely advertised,” it said.
In a recent phishing campaign, Netflix had its brand hijacked – and Sophos highlighted what to look out for.
The fake email
The phishing email uses Netflix’s branding and similar language to what the company uses in its communications.
Attackers use the trick of changing characters in the branding and URL, in this case writing “Netflix” with the Greek letter chi.
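A mail or URL filter can catch this kind of character substitution by folding look-alike letters back to Latin and comparing the result against protected brand names. The sketch below is an added example, not code from Sophos or the original article; the function names are hypothetical and the look-alike table is a small constructed sample.

```python
import re
import unicodedata

# Brands named in the article that fit in a single token.
BRANDS = {"netflix", "paypal", "ebay", "visa"}

# Constructed sample of look-alike letters (assumption: a real filter would
# load the full Unicode confusables data instead of this short table).
CONFUSABLES = {
    "\u03c7": "x",  # GREEK SMALL LETTER CHI
    "\u03b9": "i",  # GREEK SMALL LETTER IOTA
    "\u0430": "a",  # CYRILLIC SMALL LETTER A
    "\u0435": "e",  # CYRILLIC SMALL LETTER IE
    "\u0440": "p",  # CYRILLIC SMALL LETTER ER
}

def script_of(ch):
    """First word of the Unicode name, e.g. LATIN, GREEK, CYRILLIC."""
    return unicodedata.name(ch, "UNKNOWN").split(" ")[0]

def skeleton(token):
    """Casefold, then map known look-alikes back to Latin letters."""
    folded = unicodedata.normalize("NFKC", token).casefold()
    return "".join(CONFUSABLES.get(c, c) for c in folded)

def find_lookalikes(text):
    """Return (token, brand, scripts) for non-ASCII tokens that spell a brand."""
    hits = []
    for token in re.findall(r"\w+", text):
        if token.isascii():
            continue  # the genuine spelling is not a look-alike
        brand = skeleton(token)
        if brand in BRANDS:
            scripts = sorted({script_of(c) for c in token if c.isalpha()})
            hits.append((token, brand, scripts))
    return hits

# Constructed subject line and host name, not taken from the real campaign.
SAMPLE = "Netflix notice: update your Netfli\u03c7 payment at netfli\u03c7.example"

if __name__ == "__main__":
    for token, brand, scripts in find_lookalikes(SAMPLE):
        print(f"{token!r} imitates {brand!r} using scripts {scripts}")
```

The mixed-script list in each hit is a useful signal on its own: a single word that combines Latin with Greek or Cyrillic letters is rare in legitimate brand text.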
Fake website with valid SSL certificate
The phishers also hacked a website with a valid SSL certificate and hosted their attack site there.