Earlier this year, Check Point revealed that Apple was the most imitated brand for phishing in Q1 but over the course of the last few months, it has fallen to seventh place with Google and Amazon now taking the top spots.
Phishing is estimated to be the starting point of over 90 percent of all cyberattacks and according to Verizon’s 2019 Data Breach Investigations Report, nearly one third (32%) of all data breaches involved phishing activity. Additionally phishing was present in 78 percent of cyber espionage incidents and the installation and use of backdoors in company networks.
While phishing attacks try to steal users credentials and other sensitive data, brand phishing involves an attacker imitating an official website of a known brand through the use of a similar domain or URL. Links to these deceptive websites that copy the style and design of a brand’s official site are sent via email or SMS and they often contain a form used to steal credentials, personal information or payments.
Top phishing brands
According to Check Point Research’s new Brand Phishing Report for Q2 2020, Google and Amazon were the most imitated brands in phishing attempts and the total number of brand phishing detections was comparable to Q1 of this year.
Email phishing exploits were the second most common type after web-based exploits compared to Q1 where email was third. The easing of global Covid-19 restrictions could be the reason for this change as businesses around the world have started reopening and employees are returning to work.
When it came to the top brand industry sectors used in phishing attacks in Q2, technology, banking and social media were the most popular among cybercriminals. In attacks that imitated email services, Microsoft, Outlook and Unicredit were the most imitated brands while Google, Amazon and WhatsApp were the most imitated web companies. On mobile, brand phishing attempts tried to impersonate Facebook, WhatsApp and PayPal.
To avoid falling victim to phishing scams, Check Point recommends that users verify they are ordering products or services from an authentic website, beware of “special” offers that seem too good to be true and look out for lookalike domains that may contain spelling errors.