Apple and Netflix most imitated brands in phishing attacks

A tenth of all brand phishing attempts seen in the first three months of 2020 related to Apple, an 8% rise over the previous calendar quarter, as cyber criminals capitalised on the firm’s powerful brand recognition, according to statistics compiled and released by Check Point.

In its newly published Brand phishing report for Q1, Check Point found that bad actors were also increasingly imitating streaming platform Netflix (9%), and Yahoo! (6%) as they seek to steal personally identifiable information (PII) and payment credentials from unsuspecting consumers.

In a typical brand phishing attack, cyber criminals will imitate – often convincingly – a well-known brand’s official website using similar domain names, URLs, and page design. Victims are lured in by fraudulent emails or text messages or redirected through compromised web browsers and malicious mobile applications. Fake websites will most usually contain forms intended to steal data.   

The rest of the top 10 spoofed brands were WhatsApp, Paypal, US bank Chase, Facebook, Microsoft, eBay and Amazon, and Check Point said that unsurprisingly, many of these phishing attempts were additionally tailored to exploit the global Covid-19 coronavirus pandemic.

“Cyber criminals continue to exploit users by adopting highly sophisticated phishing attempts via emails, web and mobile applications purporting to be from well-recognised brands which they know will be in high demand at the moment, whether that’s a high profile product launch or just generally tapping into behavioural changes we’ve seen during the coronavirus pandemic,” said Maya Horowitz, director of threat intelligence and research, products at Check Point.

“Phishing will continue to be a growing threat in the coming months, especially as criminals continue to exploit the fears and needs of people using essential services from their homes,” she said. “As always, we encourage users to be vigilant and cautious when divulging personal data.”

Check Point said the industries targeted during the first three months of 2020 represented a broad spread of well-known and well-used consumer sectors, especially during the coronavirus pandemic, during which people are getting to grips with using technology in new ways, using more home entertainment services, and grappling with sudden changes to their household finances.

While coronavirus-linked phishing lures do currently account for the bulk of such threats being seen by the industry, it is important to note that overall volumes of phishing emails and other cyber criminal threats have not really been seen increasing during the crisis.

This could easily change as global lockdowns lengthen and the pandemic increases in its scope, but so far, there is a degree of agreement that malicious actors have done little more than retool their existing arsenal of threats to take advantage of the pandemic. This is according to, among others, the UK’s National Cyber Security Centre (NCSC) and its US government counterpart, the Cybersecurity and Infrastructure Security Agency (CISA)

“Malicious cyber actors are adjusting their tactics to exploit the Covid-19 pandemic, and the NCSC is working around the clock with its partners to respond,” said NCSC operations director Paul Chichester.

“Our advice to the public and organisations is to remain vigilant and follow our guidance, and to only use trusted sources of information on the virus, such as the UK government, Public Health England or NHS websites.”

Check Point’s report is backed up by the firm’s ThreatCloud intelligence services, a collaborative cyber crime-fighting network that pulls data from a worldwide network. Its database holds over 250 million IP addresses analysed for bot discovery, 11 million malware signatures, and 5.5 million compromised websites.