Cape Town – Microsoft was once again the brand most frequently targeted by cybercriminals, as hackers continued to try to take advantage of remote work during the Covid-19 pandemic’s second wave.
This is according to a new Brand Phishing Report for Q4 2020 by Check Point Research, the Threat Intelligence arm of Check Point® Software Technologies Ltd, a leading provider of cyber security solutions globally.
The report highlights the brands which were most frequently imitated by criminals in their attempts to steal individuals’ data or payment credentials during October, November and December.
The report also found that the most likely industry to be targeted by brand phishing was technology, followed by shipping and retail. This suggests that threat actors are using well-known brands in these sectors to trick users working remotely as well as customers ordering goods online during peak shopping periods.
“Criminals increased their attempts in Q4 2020 to steal peoples’ personal data by impersonating leading brands, and our data clearly shows how they change their phishing tactics to increase their chances of success,” said Maya Horowitz, Director of Threat Intelligence & Research, Products at Check Point.
“As always, we encourage users to be cautious when divulging personal data and credentials to business applications, and to think twice before opening email attachments or links, especially emails that claim to from companies, such as Microsoft or Google, that are most likely to be impersonated.”
This is how it works:
In a brand phishing attack, criminals try to imitate the official website of a well-known brand. They do this by using a similar (but not the same) domain name or URL and web-page design to the genuine site.
A link to a fake website will be sent to the targeted individuals by email or text message. The user can be redirected during web browsing, or it may be triggered from a fraudulent mobile application. The fake website usually contains a form intended to steal users’ credentials, payment details or other personal data.
This is an example of a DHL phishing email where the the threat actor attempted to steal passwords.
In November, a malicious phishing email used DHL’s branding in a bid to steal users’ passwords.
The email was sent from the spoofed email address [email protected], contained the subject “RE: Your DHL parcel (Available for pick up) – [<recipient email>]” with the user’s email.
The attacker was trying to lure the victim to click on a malicious link, which redirected the user to a fraudulent login page. The login page would require the user needed to enter their password, which would then be sent to the site selected by the attacker.
This is an example of a Microsoft phishing email where the hacker tried to steal credentials.
In December, a malicious phishing email was trying to steal credentials of Microsoft Office 365 account users.
The email contained the subject “Doc(s) Daily delivery #- <ID Number>” and the content impersonated eFax service.
After the user clicks on the link, they are taken to another document which redirects the user to a fraudulent Microsoft login page.
These are the top brands ranked by their overall appearance in brand phishing attempts:
1. Microsoft (related to 43% of all brand phishing attempts globally)
2. DHL (18%)
3. LinkedIn (6%)
4. Amazon (5%)
5. Rakuten (4%)
6. IKEA (3%)
7. Google (2%)
8. Paypal (2%)
9. Chase (2%)
10. Yahoo (1%)
IOL TECH