Google and Amazon tied for the two most commonly imitated brands in phishing attacks during the second quarter of 2020, while former leading brand Apple fell to seventh place.
Check Point today published its "Brand Phishing Report," which found little change in the number of brand phishing attempts but variations in the companies that attackers imitate to manipulate their victims. In brand phishing attacks, fraudsters spoof an official website of a known brand by using a similar domain and URL, and usually a webpage similar to that of the original website.
Google (13%) and Amazon (13%) combined made up more than a quarter of brand phishing attempts, researchers found. Next up were WhatsApp (9%) and Facebook (9%), followed by Microsoft (7%), Outlook (3%), Netflix (2%), Apple (2%), Huawei (2%), and PayPal (2%).
Web-based exploits were the most common type of phishing attempt, followed by email phishing — a shift from the first quarter, researchers note, during which email was third.
Attackers prefer to spoof different brands depending on the attack vector. In attacks on the Web, which made up 61% of brand phishing attempts, fraudsters most commonly imitate Google, Amazon, and WhatsApp. Emailed attacks (24%) most frequently spoof Microsoft, Outlook, and Unicredit. Mobile attacks (15%) most often imitate Facebook, WhatsApp, and PayPal.
Read more details here.