Cybercriminals imitated Facebook the most for phishing attempts: Report
Cybercriminals imitated Facebook the most for phishing attempts in their attempts to steal individuals' personal information or payment credentials during October-December period which is the busiest online shopping periods of the year, a new report said on Friday.
According to Check Point Research, the threat intelligence arm of Check Point Software Technologies, Yahoo! was the most imitated brand for email-based phishing while Swedish music streaming app Spotify the most imitated for web-based phishing attempts.
In a brand phishing attack, criminals try to imitate the official website of a well-known brand by using a similar domain name or URL and web-page design to the genuine site.
The link to the fake website can be sent to targeted individuals by email or text message, redirected during web browsing, or triggered from a fraudulent mobile application.
The fake website often contains a form intended to steal users' credentials, payment details or other personal information, said the 'Brand Phishing Report for Q4 2019'.
"Cybercriminals are using a variety of attack vectors to trick their intended victims into giving up personal information and login credentials or transferring money," said Maya Horowitz, Director, Threat Intelligence and Research, Check Point Software Technologies.
"Although this is often done using spam emails, we have also seen attackers obtain credentials to email accounts, study their victim for weeks and craft a targeted attack against partners and customers to steal money," Horowitz added.
Netflix was third at 5 per cent, followed by Paypal at 5 per cent, Microsoft at 3 per cent.
During Q4, there were significant differences in the brands being used in each phishing vector -- for example the focus in the mobile vector was on major technology and social media brands as well as banks.
Check Point's ThreatCloud database holds over 250 million addresses analysed for bot discovery, more than 11 million malware signatures and over 5.5 million infected websites, and identifies millions of malware types daily.