Hackers imitate Microsoft, Amazon emails to target customers with phishing

Hackers and cybercriminals are imitating emails from Microsoft, Amazon and DHL to enhance chances of success with their phishing attempts, as per a report by Israel-based cybersecurity organisation Check Point. The Q3 brand phishing report also revealed that for the first time, social media has entered the top three avenues for phishing attempts, with WhatsApp, LinkedIn and Facebook appearing in the top ten list of imitated brands.

“Social channels have become one of the top three categories exploited by cybercriminals, no doubt in an attempt to take advantage of the increasing number of people working and communicating remotely,” said Omer Dembinsky, Data Research Group Manager at Check Point Software.  

Brand phishing attacks are those in which criminals imitate the website or official domain of a well-known brand in order to dupe consumers into clicking on malicious links or downloading such attachments. “The link to the fake website can be sent to targeted individuals by email or text message, a user can be redirected during web browsing, or it may be triggered from a fraudulent mobile application. The fake website often contains a form intended to steal users’ credentials, payment details or other personal information,” Check Point said in its blog.

The usual method of stealing data includes a form in which user credentials and payment details or personal information are stolen.   

Although Microsoft still continued to be the most frequently targeted brand, its rate had reduced from 45% in Q2 to 29% in Q3. Microsoft and Amazon took the top two places, accounting for 13% of brand phishing attempts recorded by Check Point. Amazon pipped DHL to the second position as online sales soared due to the upcoming holiday season. E-commerce site Bestbuy, Google, WhatsApp, Netflix and LinkedIn were also on the list.

“So often, it’s the human element that fails to pick up on a misspelt domain, an incorrect date, or another suspicious detail in a text or email,” said Demibinsky.

Further, payments giant PayPal and Facebook were in the eighth and tenth positions respectively. CheckPoint said that it collected and analysed cyberattack data stored on its servers on a regular basis and takes inputs from analysts and researchers while computing and analysing the data.