WhatsApp, Facebook, and Microsoft rounded out the top five as the most spoofed brands last quarter, says Check Point Research.
Phishing attacks typically try to lure in victims by impersonating well-known companies, brands, and products. The goal is to arouse interest, curiosity, or even fear among recipients so that they’ll be more likely to take the bait and fall for the scam.
Brand phishing in particular works by spoofing the websites of popular organizations or products through which attackers often try to obtain login credentials or other confidential information. A new report from cyber threat intelligence provider Check Point Research highlights some of the most spoofed brands seen during the second quarter.
SEE: Zero trust security: A cheat sheet (free PDF) (TechRepublic)
Released on Tuesday, Check Point’s “Brand Phishing Report for Q2 2020” found that Google and Amazon were the most impersonated brands last quarter, each accounting for 13% of the brand phishing campaigns analyzed. At the same time, Apple dropped from first place in the first quarter of 2020 to seventh place in the second quarter, accounting for only 2% of the brand phishing attacks seen.
Elsewhere on the list, WhatsApp and Facebook tied for third place, each representing 9% of the observed brand phishing campaigns. Microsoft accounted for 7%, Outlook for 3%, and Netflix tied with Apple, Huawei, and PayPal for 2%. Looking at industries, the most impersonated were technology, followed by banking, and then social networks.
Among different attack vectors or platforms, email accounted for 24% of the brand phishing campaigns, with Microsoft, Outlook, and UniCredit the most impersonated. Web-based attacks encompassed 61%, with Google, Amazon, and WhatsApp the most spoofed. And mobile brands accounted for 15% of all attacks, with Facebook, WhatsApp, and PayPal the most imitated.
Phishing exploits conducted through email rose to second place from third place in the previous quarter. This change may be due to the easing of coronavirus-related restrictions through which businesses have started to reopen and employees have begun returning to work, Check Point said.
In one brand phishing campaign spotted by Check Point in late June, attackers tried to imitate the login page of Apple’s iCloud service. Using the domain name of account-icloud.com and registered under an IP address located in Russia, this attack tried to steal iCloud login credentials. In another campaign seen in May, a fraudulent website attempted to impersonate a PayPal login page. Using the domain of paypol-login.com, this site was registered under an IP address in the US.
To protect yourself and your organization against these types of brand phishing attacks, Check Point offers the following advice:
- Verify that you’re using or ordering from an authentic website. One way to do this is NOT to click on promotional links in emails. Instead, search for your desired retailer and select the link from the search results.
- Beware of “special” offers. An 80% discount on a new iPhone is usually not a reliable or trustworthy purchase opportunity.
- Beware of lookalike domains, spelling errors in emails or websites, and unfamiliar email senders.
Cybersecurity Insider Newsletter
Strengthen your organization’s IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices.
Delivered Tuesdays and Thursdays
- How to become a cybersecurity pro: A cheat sheet (TechRepublic)
- Social engineering: A cheat sheet for business professionals (free PDF) (TechRepublic)
- Shadow IT policy (TechRepublic Premium)
- Online security 101: Tips for protecting your privacy from hackers and spies (ZDNet)
- All the VPN terms you need to know (CNET)
- Cybersecurity and cyberwar: More must-read coverage (TechRepublic on Flipboard)