Facebook most mimicked brand for phishing tries

Photo by Nghia Nguyen

Facebook was the brand most frequently imitated by criminals in their attempts to steal individuals’ personal information or payment credentials during the fourth quarter of 2019, according to Check Point Research.

In a brand phishing attack, criminals try to imitate the official website of a well-known brand by using a domain name or URL and a web-page design similar to those of the genuine site. Targeted individuals can be sent the link to the fake website by email or text message, redirected to it during web browsing, or led to it by a fraudulent mobile application.

The fake website often contains a form intended to steal users’ credentials, payment details or other personal information.

Facebook appeared in 18% or about two in every five phishing attempts worldwide during the period covered by the latest Brand Phishing Report, which includes the busiest online shopping periods of the year.

Others in the top 10 phishing brands in the fourth quarter of 2019 were — in order of appearance in phishing attempts — Yahoo (10%); Netflix and PayPal (both at 5%); Microsoft and Spotify (3%); and Apple, Google, Chase and Ray-Ban (each at 2%).

By platform, the most imitated brands were Yahoo in phishing by email (27%), Spotify via web (48%) and Chase Mobile Banking via mobile (25%).

“Cybercriminals are using a variety of attack vectors to trick their intended victims into giving up personal information and login credentials or transferring money,” said Maya Horowitz, director of Threat Intelligence and Research at Check Point Software Technologies.

“Although this is often done using spam emails, we have also seen attackers obtain credentials to email accounts, study their victim for weeks and craft a targeted attack against partners and customers to steal money,” said Horowitz.

She said that over the last two years, incidents of this type of attack have spiked with the increased use of cloud-based email, which makes it easier for criminals to disguise themselves as a trusted party.