In Q3, Microsoft continued its reign as the brand most frequently targeted by cybercriminals, albeit at a slightly lower rate. Twenty-nine percent of all brand phishing attempts were related to the technology giant, down from 45% in Q2 2021, as threat actors continue to target vulnerable, distributed workforces during the COVID-19 pandemic. Amazon has replaced DHL in second position, accounting for 13% of all phishing attempts versus 11% in the previous quarter, as criminals look to take advantage of online shopping in the run-up to the holiday season.
The report also reveals that, for the first time this year, social was among the top three sectors to be imitated in phishing attempts, with
"Threat actors are constantly trying to innovate their attempts to steal people's personal data by impersonating leading brands. For the first time this year, social channels have become one of the top three categories exploited by cybercriminals, no doubt in an attempt to take advantage of the increasing number of people working and communicating remotely in the wake of the pandemic," said
In a brand phishing attack, criminals try to imitate the official website of a well-known brand by using a similar domain name or URL and web-page design to the genuine site. The link to the fake website can be sent to targeted individuals by email or text message, a user can be redirected during web browsing, or it may be triggered from a fraudulent mobile application. The fake website often contains a form intended to steal users' credentials, payment details or other personal information.
Top phishing brands in Q3 2021
Below are the top brands ranked by their overall appearance in brand phishing attempts:
1. Microsoft (related to 29% of all phishing attacks globally)
2. Amazon (13%)
3. DHL (9%)
Google Phishing Email - Credentials Theft Example
During this quarter, we witnessed a malicious phishing email that was trying to steal access credentials to a Google account. The email (see Figure 1), which was sent from the email address Google (no-reply@accounts[.]google[.]com), contained the subject "Help strengthen the security of your Google Account". In the fraudulent email, we notice the year wasn't changed ("2020 Google"). The attacker was trying to lure the victim into clicking a malicious link (http://router-ac1182f5-3c35-4648-99ab-275a82a80541[.]eastus[.]cloudapp[.]azure[.]com), which redirects the user to a fraudulent login page that looks like the real Google login website (see Figure 2). On the page behind the malicious link, the user needed to enter their Google account details.
Figure 1: The malicious email, which was sent with the subject "Help strengthen the security of your Google Account"
Figure 2: Fraudulent login page (http://router-ac1182f5-3c35-4648-99ab-275a82a80541[.]eastus[.]cloudapp[.]azure[.]com)
LinkedIn Phishing Email - Account Theft Example
In this phishing email, we see an attempt to steal a user's LinkedIn account information. The email (see Figure 1), which was sent from the email address Linkedln (linkedin@connect[.]com), contained the subject "You have a new Linkedln business invitation from *****". The attacker was trying to lure the victim into clicking a malicious link, which redirects the user to a fraudulent LinkedIn login page (see Figure 2). On the page behind the malicious link (https://www[.]coversforlife[.]com/wp-admin/oc/nb/LinkedinAUT/login[.]php), the user needed to enter their username and their password. On the fraudulent website we can see that the year wasn't changed ("2020 LinkedIn").
Figure 1: The malicious email, which was sent with the subject "You have a new Linkedln business invitation from *****"
Figure 2: Fraudulent login page (https://www[.]coversforlife[.]com/wp-admin/oc/nb/LinkedinAUT/login[.]php)
As always, we encourage users to be cautious when divulging personal data and credentials to business applications or websites, and to think twice before opening email attachments or links, especially emails that claim to be from companies such as Amazon, Microsoft or DHL, as they are the most likely to be impersonated.
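The checks a mail filter could run against the two samples above, as an added example that is not part of the original report: it flags a message whose sender name or link path invokes a brand while the link host or sender domain falls outside that brand's domains. The allow-list, the look-alike folding table and the benign message are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: illustrative allow-list of each brand's legitimate domains.
OFFICIAL = {"google": {"google.com"}, "linkedin": {"linkedin.com"}}
# Fold characters often swapped for look-alikes (l/I/1, 0/o) to one form.
FOLD = str.maketrans({"l": "i", "1": "i", "|": "i", "0": "o"})

def refang(text):
    """Undo the [.] defanging used in the report."""
    return text.replace("[.]", ".")

def skeleton(text):
    """Lower-case the text and fold look-alike characters together."""
    return text.lower().translate(FOLD)

def under(host, domains):
    """True if host is one of the domains or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in domains)

def check_message(display_name, sender, url):
    """Return sorted (brand, reason) pairs for a message's sender and link."""
    parts = urlsplit(refang(url))
    host = (parts.hostname or "").lower()
    sender_domain = refang(sender).rsplit("@", 1)[-1].lower()
    claimed = skeleton(display_name + " " + parts.path)
    findings = set()
    for brand, domains in OFFICIAL.items():
        if skeleton(brand) not in claimed:
            continue  # the message does not invoke this brand
        if not under(host, domains):
            findings.add((brand, "link_host"))
        if not under(sender_domain, domains):
            findings.add((brand, "sender_domain"))
        name = display_name.lower()
        if skeleton(brand) in skeleton(name) and brand not in name:
            findings.add((brand, "lookalike_name"))
    return sorted(findings)

# The two samples from the report, plus one constructed benign message.
GOOGLE = ("Google", "no-reply@accounts[.]google[.]com",
          "http://router-ac1182f5-3c35-4648-99ab-275a82a80541[.]eastus[.]cloudapp[.]azure[.]com")
LINKEDIN = ("Linkedln", "linkedin@connect[.]com",
            "https://www[.]coversforlife[.]com/wp-admin/oc/nb/LinkedinAUT/login[.]php")
BENIGN = ("LinkedIn", "notifications@linkedin.com",  # constructed
          "https://www.linkedin.com/feed/")

if __name__ == "__main__":
    for msg in (GOOGLE, LINKEDIN, BENIGN):
        print(msg[0], check_message(*msg))
```

In the Google sample the From address passes the domain check, so only the link host gives the message away; the LinkedIn sample trips all three checks.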
Blog: https://research.checkpoint.com/
Twitter: https://twitter.com/_cpresearch_
(C) 2021 M2 COMMUNICATIONS, source