Google, Amazon overtake Apple as most imitated brands in phishing attempts

Google Assistant to now help users open, search Android apps

Photo courtesy: theverge.com

New Delhi: Google and Amazon were the most imitated brands via phishing attempts in the second quarter this year while Apple which was the leading phishing brand in Q1 fell to seventh place in the June quarter, a new report said on Tuesday.

Google (13 per cent), Amazon (13 per cent) and WhatsApp (9 per cent) were the top three most imitated brands globally in Q2 across devices while Facebook was the most imitated brand on mobile, according to cybersecurity firm Check Point’s ‘Q2 Brand Phishing Report’.

Email phishing attacks surged, making up nearly a quarter (24 per cent) of all phishing attacks.

The report outlined latest trends in ‘brand phishing’, a term used to describe when a hacker imitates an official website of a known brand by using a similar domain or URL.

“Hackers leverage a variety of methods to send links to deceptive websites, redirecting users during their web browsing experiences. Typically, the intention of a hacker is to steal credentials, personal information or payments,” said the researchers.

Facebook was fifth in the overall tally, followed by Microsoft (7 per cent), Outlook (3 per cent), Apple (2 per cent), Netflix (2 per cent), Huawei (2 per cent) and PayPal (2 per cent).

Email phishing exploits were the second most common type after web-based exploits, compared to Q1 where email was third.

“The reason for this change may be the easing of global Covid-19 related restrictions, which have seen businesses re-opening and employees returning to work,” said the report.

“Almost 15 per cent of phishing attacks trace to mobile. Facebook, WhatsApp and then PayPal are the most imitated brands on mobile, respectively,” it added.

In late June, the researchers witnessed a fraudulent website which was trying to imitate the login page of Apple’s cloud services iCloud.

“The purpose of this website was to try and steal iCloud login credentials and the domain was registered in Russia,” said the report.

(IANS)

Exit mobile version