Google & Amazon Replace Apple as Phishers' Favorite BrandsGoogle & Amazon Replace Apple as Phishers' Favorite Brands
Google and Amazon were the most imitated brands in the second quarter, knocking out Apple.
August 4, 2020
Google and Amazon tied for the two most commonly imitated brands in phishing attacks during the second quarter of 2020, while former leading brand Apple fell to seventh place.
Check Point today published its "Brand Phishing Report," which found little change in the number of brand phishing attempts but variations in the companies that attackers imitate to manipulate their victims. In brand phishing attacks, fraudsters spoof an official website of a known brand by using a similar domain and URL, and usually a webpage similar to that of the original website.
Google (13%) and Amazon (13%) combined made up more than a quarter of brand phishing attempts, researchers found. Next up were WhatsApp (9%) and Facebook (9%), followed by Microsoft (7%), Outlook (3%), Netflix (2%), Apple (2%), Huawei (2%), and PayPal (2%).
Web-based exploits were the most common type of phishing attempt, followed by email phishing — a shift from the first quarter, researchers note, during which email was third.
Attackers prefer to spoof different brands depending on the attack vector. In attacks on the Web, which made up 61% of brand phishing attempts, fraudsters most commonly imitate Google, Amazon, and WhatsApp. Emailed attacks (24%) most frequently spoof Microsoft, Outlook, and Unicredit. Mobile attacks (15%) most often imitate Facebook, WhatsApp, and PayPal.
Read more details here.
Register now for this year's fully virtual Black Hat USA, scheduled to take place August 1–6, and get more information about the event on the Black Hat website. Click for details on conference information and to register.
About the Author(s)
You May Also Like
Hacking Your Digital Identity: How Cybercriminals Can and Will Get Around Your Authentication MethodsOct 26, 2023
Modern Supply Chain Security: Integrated, Interconnected, and Context-DrivenNov 06, 2023
How to Combat the Latest Cloud Security ThreatsNov 06, 2023
Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and PhishingNov 01, 2023
SecOps & DevSecOps in the CloudNov 06, 2023