A staggering 99% of all phishing attacks exploit just 300 brands, according to new research by cybersecurity firm NordVPN.

The most frequently impersonated brands for spreading malware blocked by the company in the first half of this year include Office365 with 86,312 impersonated URLs, Russian natural gas giant Gazprom with 59,984 and US telecom company AT&T with 27,936.

Scammers impersonated Facebook in 19,287 cases and WhatsApp in 13,474.

Malware, which includes viruses, trojans, ransomware and spyware, is designed to harm users' devices. It can steal sensitive data, encrypt important files, or even take control of devices entirely. The most common way users get infected is by visiting malicious sites.

“Even if we do not see malware or trackers with the naked eye or can handle the irritation caused by intrusive ads, it does not save us from severe privacy and cybersecurity issues,” said Adrianus Warmenhoven, a cybersecurity advisor at NordVPN.

Cybercriminals often use deceptive misspellings of popular brands to trick victims into clicking phishing links and downloading infected files.

“High brand awareness can lull victims into a false sense of security and get them to lower their guard,” Warmenhoven added.

You are more likely to be scammed in Hong Kong than be the victim of any other crime.

Last year, deception cases rose by 42.6% in the city to almost 40,000 cases and losses of HK$9 billion. Almost half of all reported crimes (44%) relate to fraud and scams.

Hong Kong isn’t alone. The situation here mirrors other places around the world. The US lost HK$78 billion to fraud last year. The UK lost HK$23 billion. Singapore lost HK$3.8 billion.

At Scamurai, we want to help stop scammers by tracking and exposing them. If you’d like support our work, please consider subscribing and sharing.