Facebook named most imitated brand for phishing
Facebook has been named the most imitated brand when it comes to appearance in phishing scams, appearing in 18% of all brand phishing attempts globally.
This is according to Check Point's threat intelligence arm, Check Point Research, in its Brand Phishing Report for Q4 2019.
Facebook was followed by Yahoo! with 10%, Netflix and PayPal with 5%, Microsoft and Spotify with 3%, then Apple, Google, Chase and Ray-Ban with 2% each.
The report highlights the brands which were most frequently imitated by criminals in their attempts to steal individuals’ personal information or payment credentials during Q4 2019, which includes the busiest online shopping periods of the year.
In a brand phishing attack, attackers try to imitate the official Web site of a well-known brand by using a similar domain name or URL and Web page design to the genuine site.
The link to the fake Web site can be sent to targeted individuals by e-mail or text message, redirected during Web browsing, or triggered from a fraudulent mobile application. The fake website often contains a form intended to steal users’ credentials, payment details or other personal information.
Brands by platform.
According to Check Point, during Q4 there were significant differences in the brands being used in each phishing vector. For example, the focus in the mobile vector was on major technology & social media brands as well as banks.
Email represented 27% of all phishing attacks during Q4 2019, followed by Web with 48% and mobile with 25%.
Maya Horowitz, head of Cyber Research and Threat Intelligence of Check Point Research, says bad actors are employing a variety of attack vectors to trick their intended victims into giving up personal information and login credentials or transferring money.
“Although this is often done using spam emails, we have also seen attackers obtain credentials to email accounts, study their victim for weeks and craft a targeted attack against partners and customers to steal money. Over the last two years, incidences of this type of attack have spiked with the increased use of cloud-based email, which makes it easier for criminals to disguise themselves as a trusted party. Phishing will continue to be a growing threat in 2020.”
Check Point’s Brand Phishing Report is powered by Check Point’s ThreatCloud intelligence, the largest collaborative network to fight cyber crime which delivers threat data and attack trends from a global network of threat sensors. The ThreatCloud database holds over 250 million addresses analysed for bot discovery, more than 11 million malware signatures and over 5.5 million infected websites, and identifies millions of malware types daily.
Check Point’s Threat Prevention Resources are available at: http://www.checkpoint.com/threat-prevention-resources/index.html