Phishing attacks typically try to lure in victims by impersonating well-known companies, brands, and products. The goal is to arouse interest, curiosity, or even fear among recipients so that they’ll be more likely to take the bait and fall for the scam.
Brand phishing in particular works by spoofing the websites of popular organizations or products through which attackers often try to obtain login credentials or other confidential information. A new report from cyber threat intelligence provider Check Point Research highlights some of the most spoofed brands seen during the second quarter.
Released on Tuesday, Check Point’s “Brand Phishing Report for Q2 2020” found that Google and Amazon were the most impersonated brands last quarter, each accounting for 13% of the brand phishing campaigns analyzed. At the same time, Apple dropped from first place in the first quarter of 2020 to seventh place in the second quarter, accounting for only 2% of the brand phishing attacks seen.
Elsewhere on the list, WhatsApp and Facebook tied for third place, each representing 9% of the observed brand phishing campaigns. Microsoft accounted for 7%, Outlook for 3%, and Netflix tied with Apple, Huawei, and PayPal for 2%. Looking at industries, the most impersonated were technology, followed by banking, and then social networks.
The top 10 list of the spoofed brands did change in significant ways from the first quarter. Beyond Apple dropping in the list, Google took first place when it wasn’t even on the list in the first quarter, while Amazon jumped from 10th place to tie for first place. Why such a shift from one quarter to the next?
“It is hard to say, and in many cases we can only speculate,” Check Point’s manager of data research, Omer Dembinsky, told TechRepublic. “Amazon’s rise, for example, could be related to online shopping growth during the COVID-19 pandemic, but for others it could be more difficult to point to a specific reason. Sometimes it’s enough to have a few major malicious campaigns by threat actors to shift one brand up or down the ranking.”
Among different attack vectors or platforms, email accounted for 24% of the brand phishing campaigns, with Microsoft, Outlook, and UniCredit the most impersonated. Web-based attacks encompassed 61%, with Google, Amazon, and WhatsApp the most spoofed. And mobile brands accounted for 15% of all attacks, with Facebook, WhatsApp, and PayPal the most imitated.
Phishing attacks delivered through email rose to second place, up from third place in the previous quarter. This change may be due to the easing of coronavirus-related restrictions, as businesses have started to reopen and employees have begun returning to work, Check Point said.
In one brand phishing campaign spotted by Check Point in late June, attackers tried to imitate the login page of Apple’s iCloud service. Using the domain name of account-icloud.com and registered under an IP address located in Russia, this attack tried to steal iCloud login credentials. In another campaign seen in May, a fraudulent website attempted to impersonate a PayPal login page. Using the domain of paypol-login.com, this site was registered under an IP address in the US.
To protect yourself and your organization against these types of brand phishing attacks, Check Point offers the following advice:
- Verify that you’re using or ordering from an authentic website. One way to do this is NOT to click on promotional links in emails. Instead, search for your desired retailer and select the link from the search results.
- Beware of “special” offers. An 80% discount on a new iPhone is usually not a reliable or trustworthy purchase opportunity.
- Beware of lookalike domains, spelling errors in emails or websites, and unfamiliar email senders.
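The two campaigns described above rely on lookalike domains of different kinds: account-icloud.com embeds a real brand token in a domain the brand does not own, while paypol-login.com swaps one letter of the brand name. The following script, written for this article as an added example and not part of Check Point's report or tooling, shows how a mail gateway or SOC triage step could flag both patterns against a small brand allowlist. The allowlist, the brand tokens, the similarity threshold and the naive two-label `registered_domain()` helper (which does not handle multi-part public suffixes such as co.uk) are all constructed assumptions for the example; a production check would use the organization's own brand inventory and a public-suffix library.

```python
import re
from difflib import SequenceMatcher

# Constructed allowlist of domains each brand legitimately uses (assumption for
# this example; a real deployment would load the organization's brand inventory).
BRAND_DOMAINS = {
    "apple": {"apple.com", "icloud.com"},
    "paypal": {"paypal.com"},
    "google": {"google.com"},
    "amazon": {"amazon.com"},
}

# Words a recipient associates with each brand (constructed for this example).
BRAND_TOKENS = {
    "apple": ["apple", "icloud"],
    "paypal": ["paypal"],
    "google": ["google"],
    "amazon": ["amazon"],
}


def registered_domain(hostname):
    """Naive registrable domain: the last two labels (ignores multi-part suffixes)."""
    labels = hostname.lower().strip(".").split(".")
    return ".".join(labels[-2:])


def host_tokens(hostname):
    """Split a hostname on dots, hyphens and underscores into lowercase tokens."""
    return [t for t in re.split(r"[.\-_]", hostname.lower()) if t]


def similarity(a, b):
    """Ratio in [0, 1] from difflib; 1.0 means identical strings."""
    return SequenceMatcher(None, a, b).ratio()


def classify_domain(hostname, threshold=0.8):
    """Return (verdict, brand, reason) for one hostname.

    verdict is "legitimate" (registrable domain is allowlisted),
    "lookalike" (brand token embedded or a near-miss spelling) or "unknown".
    """
    host = hostname.lower().strip(".")
    reg = registered_domain(host)

    # 1. Exact allowlist match on the registrable domain wins outright.
    for brand, legit in BRAND_DOMAINS.items():
        if reg in legit:
            return ("legitimate", brand, "registered domain is allowlisted")

    tokens = host_tokens(host)

    # 2. Brand token present anywhere in a non-allowlisted name (account-icloud.com,
    #    or paypal.com.evil.com where the brand sits in a subdomain).
    for brand, brand_tokens in BRAND_TOKENS.items():
        for t in brand_tokens:
            if any(t in tok for tok in tokens):
                return ("lookalike", brand,
                        f"contains brand token '{t}' but '{reg}' is not a {brand} domain")

    # 3. Typosquat: a token close to a brand token by edit similarity (paypol vs paypal).
    best = None
    for brand, brand_tokens in BRAND_TOKENS.items():
        for t in brand_tokens:
            for tok in tokens:
                if len(tok) < 4:          # skip short labels such as "com", "www"
                    continue
                score = similarity(tok, t)
                if score >= threshold and (best is None or score > best[0]):
                    best = (score, brand, tok, t)
    if best:
        score, brand, tok, t = best
        return ("lookalike", brand, f"'{tok}' is {score:.2f} similar to '{t}'")

    return ("unknown", None, "no brand association found")


def scan(hostnames):
    """Classify a batch of hostnames; returns a list of (hostname, verdict, brand)."""
    return [(h,) + classify_domain(h)[:2] for h in hostnames]


if __name__ == "__main__":
    # The two domains named in the article plus constructed control cases.
    sample = ["account-icloud.com", "paypol-login.com", "www.icloud.com",
              "paypal.com.evil.com", "example.org"]
    for host, verdict, brand in scan(sample):
        print(f"{host:24} {verdict:11} {brand}")
```

Run as a script it prints one line per hostname; in a gateway it would be called per URL extracted from a message, with anything classified as "lookalike" routed to quarantine or analyst review rather than blocked outright, since the similarity pass can also match benign names.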