Social Media subject to imitation in phishing attempts in the third quarter of 2021

Check Point Research (CPR), the research division of Check Point® Software Technologies Ltd., a leading global provider of cyber security solutions, has released its new Brand Phishing Report for the third quarter of 2021. The report highlights the brands that cybercriminals most often imitated in their attempts to steal people's personal information or payment credentials during July, August and September.

 

In Q3, Microsoft remained the brand most frequently targeted by cybercriminals, albeit at a slightly lower rate. 29% of all phishing attempts using a well-known brand were related to the tech giant, down from 45% in Q2 2021, as threat actors continue to target vulnerable, distributed workforces during the pandemic.

Amazon replaced DHL in second place, accounting for 13% of all phishing efforts, up from 11% in the previous quarter, as criminals try to take advantage of online shopping ahead of the holiday season.

The report also reveals that, for the first time this year, social media was among the top three industries to be imitated in phishing attempts, with WhatsApp, LinkedIn and Facebook appearing in the top ten list of most imitated brands.

“Criminals are constantly trying to innovate in their efforts to steal internet users' personal data by impersonating leading brands. For the first time this year, social channels became one of the top three categories exploited by cybercriminals, no doubt in an effort to take advantage of the increasing number of people working and communicating remotely following the pandemic,” said Omer Dembinsky, Data Research Group Manager at Check Point Software. “Unfortunately, there's not much these brands can do to help combat phishing attempts. All too often, it is the human factor that fails to perceive an error, a wrong date or another suspicious detail in a text or an email. As always, we encourage users to be careful when disclosing their data and to think twice before opening email attachments or links, especially emails that claim to come from companies such as Amazon, Microsoft or DHL, as they are the most likely to be imitated. Following the third-quarter data, we would also urge users to be careful when it comes to emails or other communications that appear to come from social media channels, such as Facebook or WhatsApp.”

In a brand phishing attack, criminals try to imitate the official website of a well-known brand, using a domain name or URL and a web page design similar to those of the genuine site. The link to the fake website can be sent to targeted individuals by email or text message, the user can be redirected to it while browsing the web, or it can be triggered from a fraudulent mobile application. The fake website often contains a form intended to steal users' credentials, details or other personal information.

Top phishing brands in the 3rd quarter of 2021

The following are the top brands, ranked by their overall appearance in brand phishing attempts:

  1. Microsoft (related to 29% of all phishing attacks worldwide)
  2. Amazon (13%)
  3. DHL (9%)
  4. Bestbuy (8%)
  5. Google (6%)
  6. WhatsApp (3%)
  7. Netflix (2.6%)
  8. LinkedIn (2.5%)
  9. PayPal (2.3%)
  10. Facebook (2.2%)
Google Phishing Email - Example of stealing credentials

During this quarter, we witnessed a malicious phishing email that tried to steal the access credentials of a Google Account. The email (see Figure 1), sent from the Google email address (no-reply@accounts[.]google[.]com), had the subject "Help to enhance the security of your Google Account". In the fraudulent email we notice that the year has not been updated ("2020 Google"). The attacker was trying to entice the victim to click on a malicious link (http://router-ac1182f5-3c35-4648-99ab-275a82a80541[.]eastus[.]cloudapp[.]azure[.]com), which redirects the user to a fraudulent login page that looks like the actual Google login page (see Figure 2). On that page, the user had to enter their Google account details.

LinkedIn Phishing Email - Example of account theft

In this phishing email, we see an attempt to steal a user's LinkedIn account information. The email (see Figure 1), sent from Linkedln (linkedin@connect[.]com), had the subject line "Have a new Linkedln business invitation from *****".

The attacker was trying to entice the victim to click on a malicious link, which redirects the user to a fraudulent LinkedIn login page (see Figure 2). On the page behind the malicious link (https://www[.]coversforlife[.]com/wp-admin/oc/nb/LinkedinAUT/login[.]php), the user had to enter their username and password. On the fraudulent website we see that the year has not been updated ("2020 LinkedIn").
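The two signals in the LinkedIn example above (a sender name spelled "Linkedln" and a brand name in the path of an unrelated host) can be checked mechanically by a mail filter. The following is an added example, not part of the original report; the allow-list, the function names and the `.example` sample inputs are constructed, and the last-two-labels domain rule is a simplification.

```python
from urllib.parse import urlsplit

# Constructed allow-list (assumption): brand -> registrable domains it really uses.
BRAND_DOMAINS = {
    "linkedin": {"linkedin.com"},
    "google": {"google.com"},
    "microsoft": {"microsoft.com", "live.com"},
}

# Digits and symbols commonly used in place of letters.
CONFUSABLES = str.maketrans({"1": "l", "0": "o", "|": "l", "5": "s"})


def refang(text):
    """Undo report-style defanging: '[.]' becomes '.', stray spaces are dropped."""
    return text.replace("[.]", ".").replace(" ", "")


def skeleton(text):
    """Fold look-alike characters so 'Linkedln' and 'LinkedIn' compare equal."""
    folded = text.lower().translate(CONFUSABLES).replace("rn", "m")
    return folded.replace("l", "i")  # l, I and 1 all collapse to 'i'


def registrable(host):
    """Naive last-two-labels rule; production code should use the Public Suffix List."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def impersonated(text, domain):
    """Brands named in `text` (after folding) that do not own `domain`."""
    folded = skeleton(text)
    return sorted(b for b, owned in BRAND_DOMAINS.items()
                  if skeleton(b) in folded and domain not in owned)


def check_sender(display_name, address):
    """Compare the brand a sender claims to be with the domain it mails from."""
    local, _, domain = refang(address).rpartition("@")
    return impersonated(display_name + " " + local, registrable(domain))


def check_url(url):
    """Flag a brand name in the host or path of a URL on someone else's domain."""
    parts = urlsplit(refang(url))
    return impersonated(parts.netloc + parts.path, registrable(parts.hostname or ""))


if __name__ == "__main__":
    # Constructed samples modelled on the LinkedIn lure; .example hosts are placeholders.
    print(check_sender("Linkedln", "linkedin @ connect [.] example"))
    print(check_url("https: // www [.] shop [.] example / wp-admin / LinkedinAUT / login [.] php"))
```

A sender that spoofs the brand's real address, as in the Google example, passes this check, so it complements SPF, DKIM and DMARC evaluation and does not replace it.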

As always, we encourage users to be careful when disclosing personal information and credentials to business applications or websites, and to think twice before opening email attachments or links, especially emails claiming to come from companies such as Amazon, Microsoft or DHL, as these are the most likely to be impersonated.


Written by newsbot
