A new global study on phishing says Facebook is the most imitated brand for phishing attempts online. Brand phishing refers to criminals using an imitation of a fake website of a well-kown brand by using a domain name, URL and web page design similar to the genuine website.
In addition, Yahoo! is the most imitated brand for email-based phishing, and Spotify the most imitated for web-based phishing attempts. Theses fake website often contains a form intended to steal users’ credentials, payment details or other personal information.
These startling findings form part of the brand phishing report for the latest quarter by Check Point Research, the threat intelligence wing of global cyber security experts Check Point Software Technologies. The report highlights the brands which were most frequently imitated by criminals in their attempts to steal individuals’ personal information or payment credentials during Q4, which includes the busiest online shopping periods of the year.
In a brand phishing attack, the link to the fake website can be sent to targeted individuals by email or text message, redirected during web browsing, or triggered from a fraudulent mobile app. The fake website often contains a form intended to steal users’ credentials, payment details or other personal information.
According to the report, 18% of all brand phishing attempts globally involved the use of a Facebook clone. Yahoo, whose email service was most copied, came in second, followed by streaming service giant Netflix, payment gateway PayPal, software giant Microsoft and music streaming service Spotify. Compared to Facebook's 18%, only 2% attempts (each) involved cloning Apple and Google.
“Cybercriminals are using a variety of attack vectors to trick their intended victims into giving up personal information and login credentials or transferring money. Although this is often done using spam emails, we have also seen attackers obtain credentials to email accounts, study their victim for weeks and craft a targeted attack against partners and customers to steal money,” said Maya Horowitz, Director, Threat Intelligence and Research, Check Point Software Technologies. “Over the last two years, incidences of this type of attack have spiked with the increased use of cloud-based email, which makes it easier for criminals to disguise themselves as a trusted party. Phishing will continue to be a growing threat in 2020.”