Check Point’s researchers highlight Yahoo! as most imitated brand for email-based phishing, and Spotify as the most imitated for web-based phishing attempts
VIENNA, Austria, Feb. 06, 2020 (GLOBE NEWSWIRE) — Check Point Research, the Threat Intelligence arm of Check Point® Software Technologies Ltd. (CHKP), a leading provider of cyber security solutions globally, has published its new Brand Phishing Report for Q4 2019. The report highlights the brands which were most frequently imitated by criminals in their attempts to steal individuals’ personal information or payment credentials during Q4, which includes the busiest online shopping periods of the year.
In a brand phishing attack, criminals try to imitate the official website of a well-known brand by using a similar domain name or URL and web-page design to the genuine site. The link to the fake website can be sent to targeted individuals by email or text message, redirected during web browsing, or triggered from a fraudulent mobile application. The fake website often contains a form intended to steal users’ credentials, payment details or other personal information.
Top phishing brands in Q4 2019
The top brands are ranked by their overall appearance in brand phishing attempts:
- Facebook (related to 18% of all brand phishing attempts globally)
- Yahoo (10%)
- Netflix (5%)
- PayPal (5%)
- Microsoft (3%)
- Spotify (3%)
- Apple (2%)
- Google (2%)
- Chase (2%)
- Ray-Ban (2%)
Top phishing brands by platform
During Q4 there were significant differences in the brands being used in each phishing vector: for example the focus in the mobile vector was on major technology & social media brands as well as banks, while in the email vector, #2 was part of a shopping phishing campaign before Black Friday in November 2019.
Email (27% of all phishing attacks during Q4)
- Yahoo
- Rbs (Ray-Ban Sunglasses)
- Microsoft
- DropBox
Web (48% of all phishing attacks in Q4)
- Spotify
- Microsoft
- PayPal
Mobile (25% of all phishing attacks in Q4)
- Chase Mobile Banking
- Apple
- PayPal
“Cybercriminals are using a variety of attack vectors to trick their intended victims into giving up personal information and login credentials or transferring money. Although this is often done using spam emails, we have also seen attackers obtain credentials to email accounts, study their victim for weeks and craft a targeted attack against partners and customers to steal money,” said Maya Horowitz, Director, Threat Intelligence & Research, Products at Check Point. “Over the last two years, incidences of this type of attack have spiked with the increased use of cloud-based email, which makes it easier for criminals to disguise themselves as a trusted party. Phishing will continue to be a growing threat in 2020.”
Check Point’s Brand Phishing Report is powered by Check Point’s ThreatCloud intelligence, the largest collaborative network to fight cybercrime which delivers threat data and attack trends from a global network of threat sensors. The ThreatCloud database holds over 250 million addresses analyzed for bot discovery, more than 11 million malware signatures and over 5.5 million infected websites, and identifies millions of malware types daily.
Check Point’s Threat Prevention Resources are available at: http://www.checkpoint.com/threat-prevention-resources/index.html
Follow Check Point Research via:
Blog: https://research.checkpoint.com/
Twitter: https://twitter.com/_cpresearch
About Check Point Research
Check Point Research provides leading cyber threat intelligence to Check Point Software customers and the greater intelligence community. The research team collects and analyzes global cyber-attack data stored on ThreatCloud to keep hackers at bay, while ensuring all Check Point products are updated with the latest protections. The research team consists of over 100 analysts and researchers cooperating with other security vendors, law enforcement and various CERTs.
About Check Point Software Technologies Ltd.
Check Point Software Technologies Ltd. (www.checkpoint.com) is a leading provider of cyber security solutions to governments and corporate enterprises globally. Check Point’s solutions protect customers from 5th generation cyber-attacks with an industry leading catch rate of malware, ransomware and advanced targeted threats. Check Point offers a multilevel security architecture, “Infinity Total Protection with Gen V advanced threat prevention”, this combined product architecture defends an enterprises’ cloud, network and mobile devices. Check Point provides the most comprehensive and intuitive one point of control security management system. Check Point protects over 100,000 organizations of all sizes.
