Check Point Research issues Q2 Brand Phishing Report, highlighting the brands that hackers copied the most to trick people into sharing their credentials, personal information and payments.
· Google (13%), Amazon (13%) and WhatsApp (9%) are the top 3 most imitated brands globally.
· Email phishing attacks surged compared to the previous three months, making up nearly a quarter (24%) of all phishing attacks.
· Facebook is the #1 most imitated brand on mobile.
· The report provides specific examples of Apple iCloud and PayPal phishing exploits.
Researchers at Check Point have published their Q2 Brand
Phishing Report. The report outlines the latest trends in ‘brand phishing’, a
term used to describe when a hacker imitates an official website of a known
brand by using a similar domain or URL. Hackers leverage a variety of methods
to send links to deceptive websites, redirecting users during their web
browsing experiences. Typically, the intention of a hacker is to steal
credentials, personal information or payments. The report covers the months of
April, May and June 2020.
Google and Amazon lead, Apple falls
Google and Amazon were the most imitated brands in phishing
attempts, while Apple (the leading phishing brand in Q1) fell to 7th place from
the top spot in Q1. The total number of Brand Phishing detections remains
stable compared to Q1 2020. Below are the top 10 brands ranked by their overall
appearance in brand phishing events during Q2 2020:
- Google (13%)
- Amazon (13%)
- WhatsApp (9%)
- Facebook (9%)
- Microsoft (7%)
- Outlook (3%)
- Apple (2%)
- Netflix (2%)
- Huawei (2%)
- PayPal (2%)
Email Phishing Exploits Surge
Email phishing was the second most common attack vector after web-based phishing, up from third place in Q1. One likely reason for the change is the easing of global Covid-19 restrictions, which saw businesses re-opening and employees returning to work and to their inboxes. Making up nearly a quarter (24%) of all phishing attacks, email phishing most often imitated Microsoft, Outlook and Unicredit, in that order.
Facebook, the Most Imitated Brand on Mobile
Almost 15% of phishing attacks trace to mobile. Facebook, WhatsApp and PayPal are the most imitated brands on mobile, in that order.
Example A: Phony iCloud Login Page Aims to Steal Credentials
During late June, Check Point researchers observed a fraudulent website imitating the login page of Apple's cloud service, iCloud. The site, hosted under the domain account-icloud[.]com, was built to harvest iCloud login credentials. The domain was first active in late June 2020 and resolved to the IP address 37.140.192.154, located in
Example B: Copycat PayPal Page Attempts Credential Theft
During May, Check Point researchers noticed a fraudulent website imitating the PayPal login page. The site is listed under the address paypol-login[.]com, a one-letter variation of the real paypal.com domain. The domain was first registered in 2018 and was reused in late May 2020. It resolved to an IP address in
Quote: Lotem Finkelsteen, Manager of Threat Intelligence at Check Point
“Cyber criminals continue to focus on tricking us through the household names we trust - think Google, Amazon and WhatsApp. However, this past quarter, we saw much more email phishing activity than usual. As we are all forced to work from home, the inbox is a prime attack method for hackers. I’d think not twice, but three times before opening up a document in email, especially if it’s allegedly from Google or Amazon. I expect the email phishing attacks to proliferate as we get into the second half of 2020, for all signs are pointing towards what could be an imminent cyber pandemic. To stay safe, I’d use only authentic websites, beware of special offers, and watch for lookalike domains as much as possible.”
How to Stay Safe
1. Use authentic websites. Verify you are using or ordering from an authentic website. One way to do this is NOT to click on promotional links in emails; instead, Google your desired retailer and click the link from the Google results page.
2. Beware of "special" offers. An 80% discount on a new iPhone is usually not a reliable or trustworthy purchase opportunity.
3. Beware of lookalike domains. Watch for spelling errors in emails or websites, and for unfamiliar email senders.
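The two examples above (account-icloud[.]com and paypol-login[.]com) and tip 3 both come down to recognising a lookalike domain before credentials are typed into it. The following is an added example, not Check Point's tooling or code from the report: a small Python triage script that extracts the registrable domain from a URL, checks it against an allowlist, and flags hosts that either embed a brand name in a domain the brand does not own (account-icloud.com, paypal.com.secure-login.net) or sit one edit away from a brand name (paypol). The allowlist, the multi-label suffix set, the digit-for-letter folding table and the sample URLs are all assumptions constructed for illustration.

```python
"""Lookalike-domain triage (added example; not Check Point's code)."""
import re
from urllib.parse import urlsplit

# Allowlist of registrable domains the brands actually use. Illustrative and
# deliberately incomplete: an assumption of this example, not data from the report.
LEGIT = {
    "google": {"google.com"},
    "amazon": {"amazon.com", "amazon.co.uk"},
    "whatsapp": {"whatsapp.com"},
    "facebook": {"facebook.com"},
    "microsoft": {"microsoft.com"},
    "outlook": {"outlook.com", "live.com"},
    "apple": {"apple.com"},
    "icloud": {"icloud.com"},
    "netflix": {"netflix.com"},
    "huawei": {"huawei.com"},
    "paypal": {"paypal.com"},
}
ALL_LEGIT = set().union(*LEGIT.values())

# A few two-label public suffixes (assumed sample); a real tool would use the Public Suffix List.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp", "com.br"}

# Digits attackers substitute for letters (g00gle, paypa1): fold them before matching.
DIGIT_HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def registrable_domain(host: str) -> str:
    """Return the registrable (owner-controlled) part of a hostname: www.amazon.co.uk -> amazon.co.uk."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def levenshtein(a: str, b: str) -> int:
    """Edit distance between two strings; paypol vs paypal is 1."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def assess(url: str) -> dict:
    """Classify a URL's host as legitimate, lookalike or unknown, with the reason."""
    if "://" not in url:
        url = "http://" + url
    host = (urlsplit(url).hostname or "").rstrip(".")
    reg = registrable_domain(host)
    result = {"host": host, "registrable": reg}

    # 1. Allowlist hit on the registrable domain: subdomains of a real brand domain are fine.
    if reg in ALL_LEGIT:
        return {**result, "verdict": "legitimate", "reason": "registrable domain is on the allowlist"}

    folded = host.translate(DIGIT_HOMOGLYPHS)
    tokens = [t for t in re.split(r"[^a-z0-9]+", folded) if t]
    sld = registrable_domain(folded).split(".")[0]

    # 2. Brand name used as a label or hyphenated token in a domain the brand does not own:
    #    account-icloud.com, paypal.com.secure-login.net, amaz0n.com (after digit folding).
    for brand in LEGIT:
        if brand in tokens:
            return {**result, "verdict": "lookalike", "reason": f"brand '{brand}' used in a domain the brand does not own"}
        if brand in sld:
            return {**result, "verdict": "lookalike", "reason": f"brand '{brand}' embedded in '{sld}'"}

    # 3. Typosquat: a token one edit away from a brand name (paypol, netfix).
    for brand in LEGIT:
        for t in tokens:
            if len(t) >= 5 and levenshtein(t, brand) == 1:
                return {**result, "verdict": "lookalike", "reason": f"'{t}' is one edit away from '{brand}'"}

    return {**result, "verdict": "unknown", "reason": "no brand match, but not on the allowlist either"}


if __name__ == "__main__":
    # Constructed sample URLs: the two domains from the report plus assumed variants.
    for u in ("https://mail.google.com/", "https://account-icloud.com/login",
              "paypol-login.com", "https://paypal.com.secure-login.net/", "http://amaz0n.com"):
        print(assess(u))
```

Run it over URLs pulled out of mail bodies or proxy logs. A verdict of unknown is not a clean bill of health, only that none of the listed brands matched. The substring and edit-distance rules produce false positives (apply.com is one edit from apple), so treat the output as a triage signal rather than a block decision, and back the registrable-domain step with the Public Suffix List rather than the tiny suffix set assumed here.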
Phishing by the Numbers
· It is estimated that phishing is the starting point of over 90% of all attempted cyber-attacks.
· Nearly one-third (32%) of actual data breaches involved phishing activity (Source: Verizon 2019).
· Phishing was present in 78% of cyber-espionage incidents and in the installation and use of backdoors into networks (Source: Verizon 2019).