Criminals are using familiar company names to steal user information and payment credentials, Check Point found.
Cyberattackers are disguising themselves as big name brands to execute phishing attacks, a Check Point Research report found. The data, released on Tuesday, unveils the most imitated brands for these attempts during Q1 2020.
SEE: Fighting social media phishing attacks: 10 tips (free PDF) (TechRepublic)
Phishing attacks are some of the most popular forms of cyberattacks and were predicted to be even more prevalent in 2020. Phishing is known as a social engineering method criminals use to fraudulently steal information, which is then used to gain access to devices or networks, according to TechRepublic's phishing cheat sheet.
These attacks can come in many forms, whether it be a malicious link disguised as a trusted source, pop ups on normal websites, or even phone calls and text messages.
However, as people become more aware of these attacks and take steps to protect themselves, cybercriminals become more creative.
Many malicious users are turning to brand phishing attacks, in which attackers imitate the official website of a widely-known brand, using a similar URL and web-page design to the actual site, according to a Check Point press release.
The links to these fake websites are often sent to individuals by email or text message. Users can also be redirected to bad sites during regular web browsing or via a fraudulent mobile application, as stated in the release. Through these sites, users are then offered a form asking for credentials, payment details, or other personal information, as stated in the release.
With users exploring the internet even more during the time of coronavirus-induced social distancing and quarantine, knowing what to look for in cyberattacks is critical.
"Cybercriminals continue to exploit users by adopting highly sophisticated phishing attempts via emails, web, and mobile applications purporting to be from well-recognized brands which they know will be in high demand at the moment, whether that's a high profile product launch or just generally tapping into behavioral changes we've seen during the coronavirus pandemic," said Maya Horowitz, director of threat intelligence and research, products at Check Point, in the release.
"Phishing will continue to be a growing threat in the coming months, especially as criminals continue to exploit the fears and needs of people using essential services from their homes," Horowitz added.
To help protect individuals from these attacks, Check Point identified the most imitated phishing brands in Q1 2020, as well as the top phishing brands by platform.
Top 10 phishing brands in Q1 2020
The following brands were ranked by their overall appearance in brand phishing attempts globally.
- Apple (10%)
- Netflix (9%)
- Yahoo (6%)
- WhatsApp (6%)
- PayPal (5%)
- Chase (5%)
- Facebook (3%)
- Microsoft (3%)
- eBay (3%)
- Amazon (1%)
Apple took the top spot as the most frequently targeted brand by cybercriminals, rising from No. 7 in Q4 of 2019. Netflix took the second spot, which could be attributed to the rise in streaming service usage during the coronavirus pandemic, according to the report.
The most likely industry to be targeted by brand phishing was clearly technology, followed by banking and media, the report found. These targets are some of the most-used consumer sectors, and will continue being used more during quarantine as people work from home, grapple with finances, and use entertainment services.
Top phishing brands by platform
Email (18% of all phishing attacks during Q1)
Web (59% of all phishing attacks during Q1)
Mobile (23% of all phishing attacks during Q1)
Mobile devices were the second most attacked platform in Q1 2020, while in Q4 2019 it ranked third. The reasoning for this could be because more people are spending time on their mobile devices during the pandemic, which cybercriminals use to their advantage, the report found.
For more, check out Hackers are working harder to make phishing and malware look legitimate on TechRepublic.
- How to become a cybersecurity pro: A cheat sheet (TechRepublic)
- Mastermind con man behind Catch Me If You Can talks cybersecurity (TechRepublic download)
- Windows 10 security: A guide for business leaders (TechRepublic Premium)
- Online security 101: Tips for protecting your privacy from hackers and spies (ZDNet)
- All the VPN terms you need to know (CNET)
- Cybersecurity and cyberwar: More must-read coverage (TechRepublic on Flipboard)