Check Point researchers released their report on brand-hijacking phishing in the second quarter. The report describes the latest trends in brand hijacking phishing, a term used to describe a hacker's imitation of an official website of a known brand using a similar domain or URL.
Hackers use different methods to send links to deceptive websites, redirecting users while they are browsing the web. The intention of hackers is usually to steal login details, personal information, or payment information. The report covers the months of April, May and June 2020.
Google and Amazon in the lead, Apple relegated
Google and Amazon were the most emulated brands in phishing attempts, while Apple (the most hijacked brand in Q1) moved from #1 in Q1 to #7. The total number of detections of brand-hijacking phishing attempts remains stable compared to Q1 2020. The top 10 brands ranked by their presence in brand-hijacking phishing events in Q2 2020 are:
1. Google (13%)
2. Amazon (13%)
3. WhatsApp (9%)
4. Facebook (9%)
5. Microsoft (7%)
6. Outlook (3%)
7. Apple (2%)
8. Netflix (2%)
9. Huawei (2%)
10. PayPal (2%)
Email phishing is on the rise
Email phishing attempts were the most frequent, after web attempts, compared to the first quarter when email phishing attempts were in third place. The reason for this change could be the relaxation of restrictions related to Covid-19, which has seen the reopening of companies and the return of employees to their workplaces. Representing almost a quarter (24%) of all phishing attacks, email phishing targeted Microsoft, Outlook, and Unicredit, in that order.
Facebook, the mobile phishing trap
Almost 15% of phishing attacks target mobile phones. Facebook, WhatsApp, and PayPal are the most emulated brands on mobile, in that order.
Example: Fake iCloud login page that seeks to steal credentials
In late June, Check Point researchers discovered a scam website that attempted to mimic Apple's iCloud online services login page. The purpose of this website (example below) is to steal iCloud login credentials through the domain name "account-icloud[.]com". The domain was first active at the end of June 2020, hosted on the IP address 37.140.192.154, located in Russia.
Example: Copy of a Paypal page that tries to steal credentials
In May, Check Point researchers noticed a scam website that attempted to mimic a PayPal login page. The website uses the domain name "paypol-login[.]com". The domain has been registered since 2018 and was reused at the end of May. The domain is associated with the US IP address 52.22.86.101.
“Cyber criminals continue to mislead users by using well-known brands that we trust - think of Google, Amazon and WhatsApp, for example. However, over the past quarter we have seen a marked increase in email phishing activity,” says Lotem Finkelstein, Head of Threat Intelligence at Check Point. “You don't have to look very far to find the reason. The containment measures brought about by Covid-19 have forced us all to work from home. This situation makes our mailboxes an excellent method of attack for hackers. My advice would be to think not twice but three times before opening an email attachment.
Especially if the latter seems to come from Google or Amazon. I expect email phishing attacks will continue to increase in the second half of 2020 as all signs point in the direction of what could turn out to be a cyber pandemic. To stay safe, I recommend using only genuine websites, watching out for specials, and trying as much as possible to spot lookalike domains.”
Phishing in numbers
It is estimated that over 90% of all cyber attacks - or attempted cyber attacks - start with phishing. This technique is used in almost a third (32%) of current data leaks (source: Verizon 2019). Phishing was also involved in no less than 78% of incidents reported in terms of cyber-espionage and during the installation and use of backdoors intended to break into networks (source: Verizon 2019).
Three simple tips against phishing
- Use only genuine websites. Make sure you are viewing or ordering from a genuine website. One way to do this is to NOT click on promotional links in emails, but instead to type the name of the shopping site you want into Google and click the link shown in the Google results.
- Watch out for “special” offers. An 80% discount on a new iPhone is very tempting but is usually not a reliable option.
- Watch out for look-alike domains. Watch out for misspellings in emails or on websites, and watch out for emails from unknown senders.
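A simple way to screen a host name against the brands this report names, as an added example and not Check Point's own tooling: the brand list and the allow list of legitimate domains are constructed for the example, the registrable domain is simplified to the last two labels, and the two page examples ("account-icloud[.]com", "paypol-login[.]com") are used as input.

```python
# Lookalike-domain check for a brand watch list (added example, not Check Point's tooling).
# Accepts defanged input such as "paypol-login[.]com" and flags two patterns:
#   1. a brand name used as a label or hyphen-separated token outside the brand's own domain
#   2. a token within one edit of a brand name (typosquatting such as "paypol")

# Constructed watch list: the brands this report names, plus iCloud for the Apple example.
BRANDS = ["google", "amazon", "whatsapp", "facebook", "microsoft", "outlook",
          "apple", "icloud", "netflix", "huawei", "paypal"]

# Constructed allow list of the brands' real registrable domains (assumption for the example).
LEGIT_DOMAINS = {"google.com", "amazon.com", "whatsapp.com", "facebook.com",
                 "microsoft.com", "outlook.com", "apple.com", "icloud.com",
                 "netflix.com", "huawei.com", "paypal.com"}


def levenshtein(a: str, b: str) -> int:
    """Edit distance (insert/delete/substitute) between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_domain(domain: str) -> list[str]:
    """Return reasons a host name looks like a brand impersonation ([] if clean)."""
    host = domain.lower().replace("[.]", ".").strip(".")   # refang and normalise
    labels = host.split(".")
    # Simplified registrable domain: last two labels (no public-suffix list here).
    if ".".join(labels[-2:]) in LEGIT_DOMAINS:
        return []
    findings = []
    for label in labels[:-1]:                      # every label left of the TLD
        for token in label.split("-"):
            for brand in BRANDS:
                if token == brand:
                    findings.append(f"label token '{token}' is the brand name '{brand}'")
                elif len(brand) >= 5 and levenshtein(token, brand) == 1:
                    findings.append(f"label token '{token}' is one edit from brand '{brand}'")
    return findings


if __name__ == "__main__":
    for d in ["account-icloud[.]com", "paypol-login[.]com", "www.paypal.com"]:
        print(d, "->", check_domain(d) or ["no brand match"])
```

The same scan also catches a brand placed in a subdomain (for example "paypal.com.evil-site[.]com"), since every label left of the TLD is inspected.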