Phishing attacks pretend to be a trusted company to collect sensitive information. Tech companies including Google and Amazon are the most commonly imitated.
Phishing may be the greatest threat to online security. According to Verizon’s 2019 Data Breach Investigations Report, over 90 percent of all attempted cyber attacks and 78 percent of cyber-espionage incidents started as phishing schemes. Of all the successful data breaches, one third involved some level of phishing activity. We all know about these scams, but scammers continue to use the same methods because they still work. That recent Twitter hack was made possible by phishing.
One successful practice is called brand phishing, in which attackers create a fraudulent version of an official website or app to capture credentials, personal information, or payments. According to Check Point Software Technologies, brand phishing is seen primarily in technology, banking, and social network industries. By mimicking the login screen for these types of companies, an attacker is hoping to get valuable information from the user.
So which companies are imitated the most? According to Check Point’s Brand Phishing Report for Q2 2020, and visualized by Statista, Google and Amazon were at the top of the list by a wide margin. The two tech companies accounted for 26 percent of all brands imitated in the second quarter of 2020.
Other imitated brands are WhatsApp (9 percent), Facebook (9 percent), Microsoft (7 percent), Outlook (3 percent), Netflix (2 percent), Apple (2 percent), Huawei (2 percent), and PayPal (2 percent). Check Point noted that between Q1 and Q2, Apple fell from the top spot to seventh place.
Check Point also pointed out that the companies being imitated will change depending on the location of the attack. For instance, if the phishing scheme was based on the web—as are 61 percent of all attacks—Google Amazon, and WhatsApp were the most popular brands to imitate. These attacks include fake login screens on similar domains to capture user credentials.
Phishing emails, which make up 24 percent of attacks, usually come from attackers pretending to be Microsoft, Outlook, and Unicredit. These emails typically ask the end user to click on a link or download a file. Statista has a breakdown of Symantec’s data to show the most popular subject lines, attachments, and keywords for malicious emails.
Another 15 percent of attacks come from mobile apps such as Facebook, WhatsApp, and Paypal. These are fake versions of popular apps that save information for nefarious purposes.
If you want to prevent a data breach at home or at work, we can help you avoid a phishing scam.
- Report: AI Company Leaks Over 2.5M Medical Records
- New Mac Malware Spreads Via Xcode Projects From Software Developers
- What to Do When You Want to Delete Yourself From the Internet
- US Seizes 300 Cryptocurrency Accounts for Helping Terrorists Raise Funds
- More in The Why Axis
- More in Security