Over the past two weeks we’ve seen a number of firms release reports for Q4 of 2019, and the cybersecurity industry is no different as Check Point Research has unveiled its latest phishing report for that period.
In it the report looks specifically at brands those cybercriminals like to imitate in order to carry out their attacks, and Check Point identified 10 in particular that proved popular during the forth quarter of last year.
As you can probably tell from the headline, Facebook led the way, but the entire list of 10 is as follows:
- Facebook (related to 18 percent of all brand phishing attempts globally)
- Yahoo (10 percent)
- Netflix (5 percent)
- PayPal (5 percent)
- Microsoft (3 percent)
- Spotify (3 percent)
- Apple (2 percent)
- Google (2 percent)
- Chase (2 percent)
- Ray-Ban (2 percent)
As for what constitutes a brand phishing attack, Check Point explains it as an attack where criminals try to imitate the official website of a well-known brand by using a similar domain name or URL and webpage design to the genuine site.
The link to the fake website can be sent to targeted individuals via email or text message, redirected during web browsing, or triggered from a fraudulent mobile application, the firm notes. The fake website often contains a form intended to steal users’ credentials, payment details or other personal information, Check Point highlights.
Providing a bit more insight the firm adds that phishing attacks are far from random, and that cybercriminals often know exactly who they are targeting.
“Cybercriminals are using a variety of attack vectors to trick their intended victims into giving up personal information and login credentials or transferring money. Although this is often done using spam emails, we have also seen attackers obtain credentials to email accounts, study their victim for weeks and craft a targeted attack against partners and customers to steal money,” says Maya Horowitz, head of cyber research and threat intelligence at Check Point Research.
“Over the last two years, incidences of this type of attack have spiked with the increased use of cloud-based email, which makes it easier for criminals to disguise themselves as a trusted party. Phishing will continue to be a growing threat in 2020,” Horowitz concludes.
As always it’s always best to act cautiously when prompted to click on email links, regardless of what website, brand or platform they come from.