Cyber criminals continue to imitate well-known technology brands in their phishing attacks, playing on the trust that people have in companies such as Microsoft, according to new data compiled by Check Point Research.
In its latest Brand phishing report for Q1 2021, Check Point said Microsoft remained the most frequently targeted brand, as it was in the last quarter of 2020, with 39% of all brand phishes relating to it in some way. The researchers said this was likely to be a result of threat actors capitalising on the massive use of Microsoft’s cloud services by remote workers during the pandemic.
Shipping and financial services were also often impersonated, with 18% of all phishes relating to DHL, and two US banking brands – Wells Fargo and Chase – entering the top 10 most-phished brands during the first three months of the year. Again, this probably reflects pandemic-related surges in use of delivery services and digital payments.
“Criminals increased their attempts in Q1 2021 to steal people’s personal data by impersonating leading brands, and our data clearly shows how they change their phishing tactics to increase their chances of success,” said Omer Dembinsky, data research manager at Check Point.
“While security measures are often built into websites and apps, particularly with banking, it is the human element that often fails to pick up on scams and, as such, cyber criminals are continuing to trick people using convincing emails purporting to be from trusted brands.
“As always, we encourage users to be cautious when divulging personal data and credentials, and to think twice before opening email attachments or links, especially emails that claim to be from companies, such as banking institutions, Microsoft or DHL, that are the most likely to be impersonated.”
In a brand phishing attack, malicious actors imitate the official website of their target brand by using a convincingly similar domain name or URL – these can contain hard-to-spot substitutions, such as upper case Is in place of lower case Ls – and spoofed websites. The link to the fake website will then be sent to target individuals by email or text message, although users may also be redirected during web browsing, or via a trigger in a fraudulent mobile app.
The fake website will almost always contain an online form urging users to, for example, upgrade their Microsoft software, release their package from customs for delivery, or confirm an online payment. These forms will, of course, steal user credentials, credit card details, or other personal information entered by victims.
According to Check Point, the top 10 most frequently spoofed brands during the first quarter of 2021 were Microsoft, DHL, Google, Roblox, Amazon, Wells Fargo, Chase, LinkedIn, Apple and Dropbox.