sb-nz logo
Story image

Cybercriminals most likely to impersonate Apple, Netflix in phishing attacks

16 Apr 2020

Cybercriminals are most likely to impersonate major global tech companies like Apple, Netflix, Yahoo, WhatsApp and PayPal in order to trick people to clicking links or downloading attachments in malicious phishing emails.

That’s according to Check Point’s Q1 2020 Brand Phishing Report, which names the brands most likely to be impersonated in phishing campaigns.

The report, which is based on information from Check Point’s ThreatCloud intelligence, shows that cybercriminals especially love to impersonate the tech industry, with banking and media following close behind.

Check Point researchers say that this broad choice of industry sector approach covers the most well-known consumer sectors, particularly during the COVID-19 pandemic and the rise of remote working, or streaming while more people stay at home.

Check Point describes a brand phishing attack as one in which criminals imitate the official website of a well-known brand by using a similar domain name or URL and webpage design to the genuine site.  

“The link to the fake website can be sent to targeted individuals by email or text message, a user can be redirected during web browsing, or it may be triggered from a fraudulent mobile application. The fake website often contains a form intended to steal users’ credentials, payment details or other personal information.”

According to the research, 10% of all brand phishing attempts imitated Apple – up 8% from Q4 in 2019 – because criminals are trying to capitalise on brand recognition.

Top phishing brands in Q1 2020 (The top brands are ranked by their overall appearance in brand phishing attempts):
1.      Apple (related to 10% of all brand phishing attempts globally)
2.      Netflix (9%)
3.      Yahoo (6%)
4.      WhatsApp (6%)
5.      PayPal (5%)
6.      Chase (5%)
7.      Facebook (3%)
8.      Microsoft (3%)
9.      eBay (3%)
10.   Amazon (1%)

According to Check Point’s director of threat intelligence and research, Maya Horowitz, criminals are targeting people across email, web, and mobile applications. These applications look like they are from well-recognised brands, or they tap into behavioural changes as a result of the global pandemic.

“Phishing will continue to be a growing threat in the coming months, especially as criminals continue to exploit the fears and needs of people using essential services from their homes. As always, we encourage users to be vigilant and cautious when divulging personal data.”

Check Point also published lists of the most imitated companies across web, mobile, and email. 

Web (59% of all phishing attacks during Q1)

  • Apple
  • Netflix
  • PayPal
  • eBay

Mobile (23% of all phishing attacks during Q1)

  • Netflix
  • Apple
  • WhatsApp
  • Chase

Email (18% of all phishing attacks during Q1)

  • Yahoo
  • Microsoft
  • Outlook
  • Amazon.
Story image
Insider threat report reveals deception in the workforce
Insider threats come from people inside an enterprise, whether they divulge proprietary information with nefarious intentions, or are just careless employees that unwittingly share sensitive data, writes Bitglass product marketing manager Juan Lugo.More
Story image
How to secure your business against DDoS Attacks
With the upward trend of DDoS attacks this year, and an increased dependency on online channels across all industries, businesses need to be prepared, so they don’t suffer any disruption. More
Story image
DDoS attacks a wake up call for complacent businesses - Imperva
When distributed denial of service attacks created mayhem around the world in August, they left many organisations scrambling to protect themselves.More
Story image
Microsoft takes legal action to disrupt botnet and combat ransomware
Microsoft has announced it took action to disrupt a botnet, Trickbot, one of the world's most infamous botnets and prolific distributors of malware and ransomware.More
Story image
Video: 10 Minute IT Jams - protecting data with user behaviour analytics
In this video, Forcepoint senior sales engineer and solutions architect Matthew Bant discusses the company's DLP solution, the importance of integrating compliance into security solutions, and why cybersecurity strategies should take a more people-based approach.More
Story image
NZX, Metservice attacks show Kiwi companies must rethink cyber security
The attacks are a wake-up call for New Zealand businesses to step up their threat protection and contingency planning systems.More