sb-eu logo
Story image

Cybercriminals most likely to impersonate Apple, Netflix in phishing attacks

16 Apr 2020

Cybercriminals are most likely to impersonate major global tech companies like Apple, Netflix, Yahoo, WhatsApp and PayPal in order to trick people to clicking links or downloading attachments in malicious phishing emails.

That’s according to Check Point’s Q1 2020 Brand Phishing Report, which names the brands most likely to be impersonated in phishing campaigns.

The report, which is based on information from Check Point’s ThreatCloud intelligence, shows that cybercriminals especially love to impersonate the tech industry, with banking and media following close behind.

Check Point researchers say that this broad choice of industry sector approach covers the most well-known consumer sectors, particularly during the COVID-19 pandemic and the rise of remote working, or streaming while more people stay at home.

Check Point describes a brand phishing attack as one in which criminals imitate the official website of a well-known brand by using a similar domain name or URL and webpage design to the genuine site.  

“The link to the fake website can be sent to targeted individuals by email or text message, a user can be redirected during web browsing, or it may be triggered from a fraudulent mobile application. The fake website often contains a form intended to steal users’ credentials, payment details or other personal information.”

According to the research, 10% of all brand phishing attempts imitated Apple – up 8% from Q4 in 2019 – because criminals are trying to capitalise on brand recognition.

Top phishing brands in Q1 2020 (The top brands are ranked by their overall appearance in brand phishing attempts):
1.      Apple (related to 10% of all brand phishing attempts globally)
2.      Netflix (9%)
3.      Yahoo (6%)
4.      WhatsApp (6%)
5.      PayPal (5%)
6.      Chase (5%)
7.      Facebook (3%)
8.      Microsoft (3%)
9.      eBay (3%)
10.   Amazon (1%)

According to Check Point’s director of threat intelligence and research, Maya Horowitz, criminals are targeting people across email, web, and mobile applications. These applications look like they are from well-recognised brands, or they tap into behavioural changes as a result of the global pandemic.

“Phishing will continue to be a growing threat in the coming months, especially as criminals continue to exploit the fears and needs of people using essential services from their homes. As always, we encourage users to be vigilant and cautious when divulging personal data.”

Check Point also published lists of the most imitated companies across web, mobile, and email. 

Web (59% of all phishing attacks during Q1)

  • Apple
  • Netflix
  • PayPal
  • eBay

Mobile (23% of all phishing attacks during Q1)

  • Netflix
  • Apple
  • WhatsApp
  • Chase

Email (18% of all phishing attacks during Q1)

  • Yahoo
  • Microsoft
  • Outlook
  • Amazon.
Story image
Internet outages drastically increased during COVID-19 lockdowns, report finds
Global internet disruptions increased 63% in March, with internet service providers hit the hardest. This is according to the 2020 Internet Performance Report from ThousandEyes, the internet and cloud intelligence company.More
Story image
Cloud breaches set to increase in velocity and scale - Accurics
“While the adoption of cloud native infrastructure such as containers, serverless, and servicemesh is fuelling innovation, misconfigurations are becoming commonplace and creating serious risk exposure for organisations."More
Story image
Trend Micro launches cloud solution for Microsoft Azure
“The security of the cloud is a cloud providers’ responsibility, but security in the cloud falls to the customer, which is where we fit."More
Story image
A third of millennials think they're 'too boring' to be victim of cyber attack
While many millennials are concerned at how their data is being used and whether they are being targeted by cyber-attackers, according to Kaspersky any potential action taken to tighten their online security is at ‘the bottom of their to-do list’.More
Story image
Distributed workforces pose new challenges for information management
“Collaboration can be stymied, mistakes can be made, and organisations can suffer data breaches if they don’t immediately address the issue of how employees are accessing and sharing information while working remotely.”More
Story image
7 VPN services leaked data of 20 million users - report
"The report calls into question the providers’ security practices and dismisses their claims of being no-log VPN services."More