sb-eu logo
Story image

Google and Amazon overtake Apple as most imitated brands - Check Point

Google and Amazon were the most imitated brands in phishing attempts for the second quarter of 2020, according to Check Point. 

According to Check Point's Q2 Brand Phishing Report, Apple fell from the top spot in quarter one to 7th place.

Check Point's Q2 Brand Phishing Report outlines the latest trends in ‘brand phishing’, a term used to describe when a hacker imitates an official website of a known brand by using a similar domain or URL.

Hackers leverage a variety of methods to send links to deceptive websites, redirecting users during their web browsing experiences. Typically, the intention of a hacker is to steal credentials, personal information or payments. The report covers the months of April, May and June 2020.

The total number of Brand Phishing detections remains stable compared to Q1 2020, the report said.

The top 10 brands ranked by their overall appearance in brand phishing events during Q2 2020 were:

  • Google (13%)
  • Amazon (13%)
  • WhatsApp (9%)
  • Facebook (9%)
  • Microsoft (7%)
  • Outlook (3%)
  • Apple (2%)
  • Netflix (2%)
  • Huawei (2%)
  • PayPal (2%)

According to the report, email phishing exploits were the second most common type after web-based exploits, compared to Q1 where email was third. 

The reason for this change may be the easing of global Covid-19 related restrictions, which have seen businesses re-opening and employees returning to work, Checkpoint says.

Making up nearly a quarter (24%) of all phishing attacks, email phishing exploits targeted Microsoft, Outlook and Unicredit, in that order.

Almost 15% of phishing attacks trace to mobile. Facebook, WhatsApp and then PayPal are the most imitated brands on mobile, in that order.

“Cyber criminals continue to focus on tricking us through the household names we trust - think Google, Amazon and WhatsApp," says Lotem Finkelsteen, manager of threat intelligence at Check Point. 

"However, this past quarter, we saw much more email phishing activity than usual. As we are all forced to work from home, the inbox is a prime attack method for hackers. 

"I’d think not twice, but three times before opening up a document in email, especially if it’s allegedly from Google or Amazon. I expect the email phishing attacks to proliferate as we get into the second half of 2020, for all signs are pointing towards what could be an imminent cyber pandemic. 

"To stay safe, I’d use only authentic websites, beware of special offers, and watch for lookalike domains as much as possible.”

Phishing by the Numbers

It’s estimated that phishing is the starting point of over 90% of all attempted cyber-attacks. Nearly one-third (32%) of actual data breaches involved phishing activity. Phishing was present in 78% of cyber-espionage incidents and the installation and use of backdoors to networks.

How to Stay Safe

Use authentic websites. Verify you are using or ordering from an authentic website. One way to do this is NOT to click on promotional links in emails, and instead Google your desired retailer and click the link from the Google results page.
Beware of “special” offers. An 80% discount on a new iPhone is usually not a reliable or trustworthy purchase opportunity.
Beware of lookalike domains. Watch for spelling errors in emails or websites, and unfamiliar email senders.

Story image
Kaspersky finds red tape biggest barrier against cybersecurity initiatives
The most common obstacles that inhibit or delay the implementation of industrial cybersecurity projects include the inability to stop production (34%), and bureaucratic steps, such as a lengthy approval process (31%) and having too many decision-makers (23%). More
Story image
Proofpoint launches new SMB focused security awareness training
Proofpoint has launched security awareness training for small to medium businesses (SMBs) with the aim of reducing successful phishing attacks and malware infections to almost zero. More
Story image
Ripple20 threat has potential for 'vast exploitation', ExtraHop researchers find
One in three IT environments are vulnerable to a cyber threat known as Ripple20. This is according to a new report from ExtraHop, a cloud-native network detection and response solutions provider. More
Story image
Acronis announces new security endpoint solution
The solution is an integration of data protection and cybersecurity which provides customers with effective endpoint protection in a landscape where the pointlessness of perimeter security is becoming more pronounced.More
Story image
Video: 10 Minute IT Jams - The benefits of converged cloud security
Today, Techday speaks to Forcepoint senior sales engineer and solutions architect Matthew Bant, who discusses the benefits of a converged cloud security model, and the pandemic's role in complicating the security stack in organisations around the world.More
Story image
Revealed: The behaviours exhibited by the most effective CISOs
As cyber-threats pile up, more is being asked of CISOs - and according to Gartner, only a precious few are 'excelling' by the standards of their CISO Effectiveness Index.More