Google and Amazon were the top used brands in phishing attacks (13%) during Q2 2020, according to Check Point’s Brand Phishing Report. The report highlighted various other brands that were frequently impersonated by hackers in their cyber activities to steal victims’ sensitive information. Check Point stated that technology, banking, and social networking are the most targeted sectors in brand phishing attacks.
Brand Phishing Attack: An Overview
- In brand phishing attacks, attackers impersonate the official website of a popular brand by creating a similar domain name or URL of the original site.
- The links to the fraudulent website are then sent to targeted individuals via email or SMS.
- Once the user clicks on the link, it redirects them to a fake website which often contains a form intended to steal user credentials, payment details, or sensitive information.
Top Phishing Brands
According to the report, WhatsApp and Facebook stood at third and fourth positions with 9% brand phishing attacks. Similarly, Microsoft and its brand Outlook, which stood at fifth and sixth spots, were imitated in 7% and 3% of attacks, respectively. Apple (the leading phishing brand in Q1 2020) fell to seventh place in the current rankings with 2% of attacks, followed by Netflix, Huawei, and PayPal at eighth, ninth and tenth spots (2% attacks).
Top Phishing Brands Per Vector
Email phishing exploits were the second most common type after web-based exploits. “The reason for this change may be the easing of global Covid-19 related restrictions, which have seen businesses re-opening and employees returning to work,” the report said.
Top 3 Attacked Vectors
How to Stay Safe
Check Point recommended certain security measures to avoid falling victim to phishing scams, these include:
- Verify you are using or ordering from an authentic website. One way to do this is NOT to click on promotional links in emails, and instead Google your desired retailer and click the link from the Google results page.
- Beware of special offers. An 80% discount on a new iPhone is usually not a reliable or trustworthy purchase opportunity.
- Beware of lookalike domains, spelling errors in emails or websites, and unfamiliar email senders.