Area 1 Security Announces the Most Spoofed Brand of 2020

The World Health Organization (WHO) emerged as the 2021 March Hackness Champion, a title no organization wants to win. Researchers identified over 2 million phishing spoofs exploiting the WHO brand between May 2020 and February 2021. Attackers used sophisticated techniques such as display name spoofing, adding logos for legitimacy, and abusing legitimate services like Appspot.com to host their phishing sites. The COVID-19 pandemic influenced the attack patterns of phishing attacks in the U.S., with hackers exploiting trust in organizations like WHO, Moderna, CDC, Marketo, Columbia Sportswear, UPS, CNN, Zoom, Adidas, and Nike. Email authentication standards such as SPF, DKIM, and DMARC are not enough to prevent phishing attacks from reaching inboxes; comprehensive message analysis, computer vision, domain registration checks, and other techniques beyond email authentication are necessary for effective defense against sophisticated phish.