Almost all of us aware that cybercriminals are continuously eyeing looking for any vulnerability to hack or inject malware into your system. What about cybercriminal’s phishing attempts? We all like to think we would never fall into such traps. But some of us un-intensely make a mistake or ignore security guidelines; and fall into the phishing trape.
According to Verizon’s Report, approx 32% of data breaches happened via phishing attacks. Cybercriminals are becoming more sophisticated day-by-day, and phishing is their crucial weapon to try and trick users into giving up confidential data.
According to Check Point Research’s Brand Phishing Report for Q1 2020, Apple is the most imitated brand for phishing attempts, from 7th position it rose to the top spot (relating to 2% of all brand phishing attempted globally in Q4 of 2019).
10% of all brand phishing attempts are from top famous tech brands as cybercriminals looking to utilize its value and brand recognization. Netflix took the 2nd spot with 9% of all phishing attempts related to the brand, maybe in part due to the rise in people accessing the platform during the lockdown. The Chase Bank brand phishing attempts increased by 3% from Q4 2019 to take the sixth position, with 5% of all phishing attempts seeking to exploit this company.
Moreover, in the Check Point’s Q1 Report, Mobile Phishing was the second most common attack vector compared to Q4 of 2019 where it ranked in third place. Maybe this is due to lockdown when most of the people, including employees, are relying on mobile devices, whether to access email, official use, or for entertainment purposes.
Top Phishing Brands
We are highlighting below top 10 most imitated brands sorted by their overall appearance in brand phishing attempts in Q1 report:
1. Apple (related to 10% of all brand phishing attempts globally)
2. Netflix (9%)
3. Yahoo (6%)
4. WhatsApp (6%)
5. PayPal (5%)
6. Chase (5%)
7. Facebook (3%)
8. Microsoft (3%)
9. eBay (3%)
10. Amazon (1%)
Top phishing brands by platform
Following are top phishing brands by platforms
Email (18% of all phishing attacks during Q1)
1. Yahoo
2. Microsoft
3. Outlook
4. Amazon
Web (59% of all phishing attacks during Q1)
1. Apple
2. Netflix
3. PayPal
4. eBay
Mobile (23% of all phishing attacks during Q1)
1. Netflix
2. Apple
3. WhatsApp
4. Chase
Top phishing brands by industries
1. Technology
2. Banking
3. Media
We also have highlighted, how cybercriminals targeting users via different-different methods. See below examples
Example of how cybercriminals attempt Netflix Phishing attack
In Feb month, when pandemic starts rising, a cybercriminal found trying to imitate Netflix services using the duplicate domain (netflix-pagos\.com).
Example, how cybercriminals attempted to steal login credential form Chase Bank login page
In this quarter, experts identified fraudulent duplicate websites trying to imitate the main login pages of banks. See below image, how an attacker is trying to steal Chase Bank’s user’s login credentials. Website domain URL chasecovid19s\.com/home/myaccount/access\.php this was first active in March 2020 and registered under the IP – 23.229.221.103, location of this domain IP is United States.
Experts report found the attacker has booked and using many other duplicate domains to steal login credential data.
Example of Airbnb – Coronavirus update scam
Last month, a website that was attempting to imitate the Airbnb login page and probably intended to give updates on Airbnb Service during this period.
Example of login credential theft from Unicredit login page
Feb 2020, Cybersecurity experts noticed a website mastriapaypal\.com (IP – 216.239.38.21) is diverting users to Unicredit bank login page under the URL below:
ghlinkup\.com/wp-content/plugins/wp-component/wp-com/img/js/pp/ –
Example of Yahoo Japan domain scam
In March 2020, a fraudulent domain yahoo-mask\.com (IP address – 45.34.181.228) offered face masks to Japanese via what appeared to be Yahoo Japan.
Example of login credentials theft via WhatsApp log in page
In Feb 2020, a fraudulent website mail\.whatsapp\.vvipx9\.com/login.php (IP address 5.189.170.134) is presenting a false WhatsApp web login page in the Indonesian language asking Facebook credentials to connect.
Conclusion:
In a brand phishing attack, cybercriminals attempting to imitate the website of major brands by using a similar look-like domain. Cybersecurity is always a major challenge for businesses and individuals. Cybercriminals are continuously carrying a variety of campaigns to steal user’s essential data, inject malware into the system. During the coronavirus, outbreak employees are working remotely without adequate security and in the absence of cybersecurity experts. In recent months we have seen severe growth phishing attempts and security-related incidents. Users should be careful to avoid falling victim to such scams. Always re-confirm the website URL you are using or when login. Avoid clicking random ads, links in email, or attachments. Beware of similar website URLs.
Also Read: Data Protection and Compliance While Working From Home
