- Apple has remained the most imitated brand as per the latest brand phishing report by Check Point, followed by Netflix, PayPal, and eBay.
- The tech industry was found to be the most vulnerable to brand phishing attacks, followed by the banking and media industries.
Brand popularity influences market trends and consumer behavior alike. However, malicious actors often exploit the popularity of famous brands for their own advantage.
According to Check Point’s latest Brand Phishing Report for Q1 2020, Apple customers are the biggest target of cybercriminals with 10% of all brand phishing attempts. The new security report by the researchers also revealed that web-based phishing campaigns accounted for 59% of attack attempts overall.
What’s brand phishing?
Brand phishing involves criminals trying to imitate an official website of a well-known brand by using a similar domain or URL, and designing a web page identical to the original website.
As per the recent brand phishing report by Check Point, the tech industry was found to be the most vulnerable to brand phishing attacks, followed by the banking and media industries.
Key highlights from the report
Apple accounted for 10% of all brand phishing attempts globally in Q1 this year, rising to 1st position from the 7th spot in Q4 of 2019. The brands that followed were Netflix at 9%, Yahoo and WhatsApp at 6%, PayPal and Chase at 5%, Facebook, eBay and Microsoft at 3%, and Amazon at 1%.
Brand popularity in phishing attempts varies by attack vector. Here’s what the researchers found for different attack vectors, along with the most frequently impersonated brands for each vector.
- Web (59% of attacks) - Apple, Netflix, PayPal, eBay
- Mobile (23% of attacks) - Netflix, Apple, WhatsApp, Chase
- Email (18% of attacks) - Yahoo, Microsoft, Outlook, Amazon
How does brand phishing work?
It is very similar to other phishing attacks, except it imitates popular brands to establish trust among unsuspecting victims.
Attackers place the link to the fake website in emails or text messages, or a fraudulent mobile application redirects the user to it.
The fake websites typically display a form asking users for personal information in order to steal their credentials, payment details, or other information.
Maya Horowitz, Product Director of the Threat Intelligence and Research department at Check Point, said, “Cybercriminals continue to exploit users by adopting highly sophisticated phishing attempts via emails, web and mobile applications purporting to be from well-recognized brands which they know will be in high demand at the moment, whether that’s a high profile product launch or just generally tapping into behavioral changes we’ve seen during the coronavirus pandemic.”
How to avoid becoming a victim?
In the current scenario, attackers are focused on COVID-19 related phishing campaigns. However, to identify such phishing attempts, whether they are brand-related or pandemic-related, one must take several precautions such as:
- Inspect links received in emails before clicking on them.
- Be careful of fake promotional offers with outlandish discounts on famous brands.
- Avoid providing your credentials to any unknown entities.
- Also, it is strongly advised to check domain names. One might spot spelling mistakes in a domain name, which is a common occurrence in phishing domains.
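
The domain-name check from the last item can be automated. The sketch below is an added example, not code from Check Point's report or from this article: it classifies a URL's hostname against the brands named above. The brand-to-domain mapping, the function names and the `.example` sample URLs in the usage note are assumptions constructed for illustration.

```python
from typing import Optional, Tuple
from urllib.parse import urlsplit

# Official domains of brands named in the report (assumed mapping, extend as needed).
BRAND_DOMAINS = {"apple.com", "netflix.com", "paypal.com", "ebay.com", "yahoo.com",
                 "whatsapp.com", "chase.com", "facebook.com", "microsoft.com", "amazon.com"}
BRAND_NAMES = {d.split(".")[0]: d for d in BRAND_DOMAINS}
# Digit-for-letter swaps often seen in misspelled domains.
LOOKALIKE_CHARS = str.maketrans("0135", "oles")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance (insert, delete, substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(url: str) -> Tuple[str, Optional[str]]:
    """Return (verdict, official domain being imitated or None)."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    labels = host.split(".")
    # Simplification: treat the last two labels as the registered domain
    # (a production tool would consult the Public Suffix List).
    registered = ".".join(labels[-2:])
    if registered in BRAND_DOMAINS:
        return ("official", registered)
    sld = labels[-2].translate(LOOKALIKE_CHARS) if len(labels) >= 2 else ""
    for name, domain in sorted(BRAND_NAMES.items()):
        # One typo away from a brand name, or the brand name on another TLD.
        # Short names such as "ebay" can produce false positives at this threshold.
        if edit_distance(sld, name) <= 1:
            return ("misspelled", domain)
    for name, domain in sorted(BRAND_NAMES.items()):
        # Brand used as a subdomain or hyphenated word on an unrelated domain.
        if any(name in label.split("-") for label in labels):
            return ("brand-in-host", domain)
    return ("unrelated", None)
```

For instance, `classify("http://paypa1.example/login")` returns `("misspelled", "paypal.com")`, and `classify("https://apple.com.account-verify.example/id")` returns `("brand-in-host", "apple.com")`.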