Phishing continues to be a key weapon in cyber-criminals’ arsenals, used to trick users into giving up sensitive information by impersonating familiar brands.
Verizon’s 2019 Data Breach Investigations Report showed that nearly one-third (32%) of data breaches involved phishing activity. What’s more, phishing was present in 78% of cyber-espionage incidents and the installation and use of backdoors to networks.
Brand phishing involves the attacker imitating an official website of a known brand by using a similar domain or URL, and usually a web page similar to the original website. The link to the deceptive website can be sent via email or text message, a user can be redirected during web browsing, or it may be triggered from a fraudulent mobile application. In many cases the website contains a form intended to steal credentials, personal information or payments.
Check Point Research’s latest Brand Phishing Report for Q1 2020 shows that Apple was the most imitated brand, rising from 7th place in Q4 of 2019 to the top spot. This was due in part to the anticipated launch of the new Apple Watch, with criminals exploiting the online buzz to launch several credential theft attempts.
Furthermore, in Q1 mobile phishing was the second most common attack vector, up from third place in Q4 of 2019. This may be due to the Coronavirus pandemic, which has caused people to rely more on their mobile phones for information and work. There are also similarities in the brands being used in web and mobile phishing vectors, such as Netflix and PayPal, which have risen in popularity due to an increase in the number of people working from home as a result of the Coronavirus.
Below are the top 10 brands ranked by their overall appearance in brand phishing events during Q2 2020:
Top Phishing brands per platform
During Q1 2020, similar brands were used in mobile and web phishing vectors, which included banking and streaming services such as Chase and Netflix. Web phishing was the most prominent vector at 59%, followed by mobile phishing, which was the second most common attack vector, up from third place in Q4 of 2019. This is due to people spending more time on their mobile phones during the Coronavirus pandemic, which cybercriminals are taking advantage of.
Email (18% of attacks)
Web (59% of attacks)
Mobile (23% of attacks)
Top brands industries
To avoid falling victim to these scam attempts, it is recommended to take the following actions:
- Verify you are using or ordering from an authentic website. One way to do this is NOT to click on promotional links in emails, and instead Google your desired retailer and click the link from the Google results page.
- Beware of “special” offers. An 80% discount on the new iPhone is usually not a reliable or trustworthy purchase opportunity.
- Beware of lookalike domains, spelling errors in emails or websites, and unfamiliar email senders.
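
The lookalike-domain check in the last item can be automated on the defender's side, for instance when reviewing mail gateway or proxy logs. The following is an added example, not code from the Check Point report; the brand list, the confusable-character map, the sample hostnames and the function names are assumptions made for illustration.

```python
# Added example: flag hostnames that imitate a protected brand's domain.
# Brand list, character map and sample hostnames are constructed.
BRANDS = {"apple": "apple.com", "netflix": "netflix.com",
          "paypal": "paypal.com", "chase": "chase.com"}
# Digits commonly swapped in for look-alike letters.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(host: str) -> str:
    """Return 'official', 'unrelated', or the reason a host needs review."""
    host = host.lower().rstrip(".")
    if any(host == d or host.endswith("." + d) for d in BRANDS.values()):
        return "official"
    raw_labels = host.split(".")
    if any(label.startswith("xn--") for label in raw_labels):
        return "punycode label, decode and inspect"
    labels = [label.translate(CONFUSABLES) for label in raw_labels]
    # Simplification: the label left of the last dot is treated as the
    # registered name; production code would use the Public Suffix List.
    registered = labels[-2] if len(labels) > 1 else labels[0]
    for brand in BRANDS:
        if registered == brand or edit_distance(registered, brand) == 1:
            return f"lookalike of {brand}"
    # Whole-token match, so "purchase" is not mistaken for "chase".
    tokens = {t for label in labels for t in label.split("-")}
    for brand in BRANDS:
        if brand in tokens:
            return f"{brand} outside its official domain"
    return "unrelated"


if __name__ == "__main__":
    SAMPLES = ["support.apple.com", "app1e.com", "netfl1x.com",
               "paypal.com.account-verify.example", "purchase.example",
               "xn--pple-43d.example"]  # constructed hostnames
    for sample in SAMPLES:
        print(f"{sample:40} {classify(sample)}")
```

A distance-1 match also catches unrelated real words that sit one letter from a brand name, so the result is a review queue rather than a blocklist.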