Check Point Research (CPR), the research division of Check Point® Software Technologies Ltd., the world's leading provider of cyber security solutions, has published its new Brand Phishing Report for the third quarter of 2021. The report identifies the brands most often imitated by cybercriminals in their attempts to steal personal information or payment credentials during July, August and September.
In the third quarter, Microsoft remained the brand most often targeted by cybercriminals, albeit at a slightly lower rate: 29% of all phishing attempts using a well-known brand were related to the technology giant, down from 45% in the second quarter of 2021, as threat actors continue to target vulnerable, distributed workforces during the COVID-19 pandemic.
Amazon replaced DHL in second place, accounting for 13% of all phishing attempts, up from 11% in the previous quarter, as criminals try to take advantage of online shopping ahead of the holiday season.
The report also reveals that, for the first time this year, social networking was among the top three industries imitated in phishing attempts, with WhatsApp, LinkedIn and Facebook all appearing in the top ten list of most imitated brands.
"The perpetrators are constantly trying to innovate in their efforts to steal the personal data of internet users by impersonating top brands. For the first time this year, social media has become one of the top three categories exploited by cybercriminals, no doubt in an effort to exploit the growing number of people working and communicating remotely after the pandemic," said Omer Dembinsky, Data Research Group Manager at Check Point Software. "Unfortunately, there is not much that these brands can do to help combat phishing efforts. Too often, it is the human factor that fails to grasp a wrong domain, wrong date or other suspicious detail in a text or email. As always, we encourage users to be careful when disclosing their data and to think twice before opening email attachments or links, especially emails claiming to come from companies such as Amazon, Microsoft or DHL, as they are the most likely for imitation. After the third quarter data, we would also urge users to be careful when it comes to emails or other communications that appear to come from social networking channels such as Facebook or WhatsApp."
In a brand phishing attack, criminals try to imitate the official website of a well-known brand by using a similar domain name or URL and a web page that resembles the original. The link to the fake website may be sent to targeted individuals by email or text message, the user may be redirected to it while browsing the web, or it may be triggered from a rogue mobile application. The fake website often contains a form designed to steal users' credentials, payment details or other personal information.
Top phishing brands in the 3rd quarter of 2021
The following are the top brands, ranked by their overall appearance in brand phishing attempts:
- Microsoft (relating to 29% of all phishing attacks worldwide)
- Amazon (13%)
- DHL (9%)
- Bestbuy (8%)
- Google (6%)
- WhatsApp (3%)
- Netflix (2.6%)
- LinkedIn (2.5%)
- PayPal (2.3%)
- Facebook (2.2%)
During this quarter, we observed a malicious phishing email trying to steal the credentials of a Google account. The email (see Figure 1), sent from an apparent Google address (no-reply@accounts[.]google[.]com), carried the subject "Help to enhance the security of your Google Account". In the fraudulent email we notice that the copyright year has not been updated ("2020 Google"). The attacker was trying to entice the victim to click a malicious link (http://router-ac1182f5-3c35-4648-99ab-275a82a80541[.]eastus[.]cloudapp[.]azure[.]com), which redirects the user to a fraudulent login page that looks like the real Google login page (see Figure 2). On that page, the user was asked to enter their Google account details.
In this phishing email, we see an attempt to steal a user's LinkedIn account credentials. The email (see Figure 1), sent from an address posing as LinkedIn (linkedin@connect[.]com), carried the subject line "Have a new Linkedln business invitation from *****".
The attacker was trying to entice the victim to click a malicious link, which redirects the user to a fraudulent LinkedIn login page (see Figure 2). On that page (https://www[.]coversforlife[.]com/wp-admin/oc/nb/LinkedinAUT/login[.]php), the user had to enter their username and password. On the fraudulent website we again see that the copyright year has not been updated ("2020 LinkedIn").
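Both examples, and the description of brand phishing above, come down to the same mismatch: the message invokes a brand (in the sender address, the subject or the link itself) while the sender domain or the link host belongs to someone else, sometimes with a one-character look-alike such as "Linkedln". The following script is an added example, not Check Point's code or tooling; it refangs the indicators as the report prints them, extracts the registrable domain of the sender and of every link host, and flags any that are not on a hypothetical per-brand allow-list, plus any token one edit away from a brand name. The allow-list, the two-label registrable-domain rule and the sample emails (constructed from the report's description, with the UUID-style host label written with its hyphens) are assumptions of this example.

```python
"""Brand-mismatch check for suspected brand phishing emails (added example)."""
from __future__ import annotations
import re
from urllib.parse import urlsplit

# Hypothetical allow-list of registrable domains each brand really sends from
# and links to. A production version would be maintained per brand.
BRAND_DOMAINS: dict[str, set[str]] = {
    "google": {"google.com", "googlemail.com"},
    "linkedin": {"linkedin.com"},
}


def refang(text: str) -> str:
    """Turn the report's defanged notation ('[.]', 'hxxp') back into a parseable URL."""
    return text.replace("[.]", ".").replace("hxxp", "http")


def registrable_domain(host: str) -> str:
    """Naive eTLD+1 (last two labels). Sufficient for the .com hosts here; a real
    deployment would use the Public Suffix List to handle co.uk and friends."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot one-character look-alikes of a brand name."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalikes(text: str) -> dict[str, str]:
    """Map each token that is exactly one edit away from a brand name to that brand."""
    tokens = set(re.findall(r"[a-z0-9]+", text.lower()))
    return {t: b for t in tokens for b in BRAND_DOMAINS if t != b and edit_distance(t, b) == 1}


def analyse(sender: str, subject: str, urls: list[str]) -> dict:
    """Return the brands the message invokes and every sender/link mismatch found.

    A passing sender check only means the From address *claims* a brand domain;
    whether it was really sent from there is for SPF/DKIM/DMARC to decide.
    """
    sender = refang(sender)
    links = [refang(u) for u in urls]
    text = " ".join([sender, subject, *links]).lower()
    near = lookalikes(text)
    brands = {b for b in BRAND_DOMAINS if b in text} | set(near.values())
    sender_domain = registrable_domain(sender.rsplit("@", 1)[-1])
    link_hosts = [urlsplit(u).hostname or "" for u in links]

    findings = [f"look-alike token '{t}' resembles brand {b}" for t, b in sorted(near.items())]
    for brand in sorted(brands):
        allowed = BRAND_DOMAINS[brand]
        if sender_domain not in allowed:
            findings.append(f"sender domain {sender_domain} is not a {brand} domain")
        for host in link_hosts:
            if registrable_domain(host) not in allowed:
                findings.append(f"link host {host} is not a {brand} domain")
    return {"brands": sorted(brands), "findings": findings, "suspicious": bool(findings)}


# Constructed sample input, modelled on the two emails described in the report.
GOOGLE_EMAIL = dict(
    sender="no-reply@accounts[.]google[.]com",
    subject="Help to enhance the security of your Google Account",
    urls=["http://router-ac1182f5-3c35-4648-99ab-275a82a80541[.]eastus[.]cloudapp[.]azure[.]com"],
)
LINKEDIN_EMAIL = dict(
    sender="linkedin@connect[.]com",
    subject="Have a new Linkedln business invitation from *****",
    urls=["https://www[.]coversforlife[.]com/wp-admin/oc/nb/LinkedinAUT/login[.]php"],
)

if __name__ == "__main__":
    for name, email in (("google", GOOGLE_EMAIL), ("linkedin", LINKEDIN_EMAIL)):
        result = analyse(**email)
        print(name, "suspicious" if result["suspicious"] else "clean")
        for f in result["findings"]:
            print("  -", f)
```

The Google sample is only caught by the link check, because the spoofed From address sits on a genuine Google domain; the LinkedIn sample trips all three checks (look-alike subject token, foreign sender domain, foreign link host). That asymmetry is the point: sender-domain matching alone is not enough, and link hosts on generic cloud or compromised WordPress sites are the more reliable tell.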
As always, we encourage users to be careful when disclosing personal information and credentials to business applications or websites, and to think twice before opening email attachments or links, especially in emails claiming to come from companies such as Amazon, Microsoft or DHL, as these are the most likely to be impersonated.