A recently conducted study by CheckPoint security reveals that Microsoft was the most impersonated brand by attackers who are trying to steal people’s account details and payment information.
Generally, a brand phishing campaign involves attackers posing as genuine brands and presenting fake web pages or emails in front of target users. Here, potential users are asked to fill out a form with user details and the attackers simply pull information from it.
The CheckPoint report reveals that Microsoft’s name has moved up from the 5th position in the second quarter to 3rd in quarter 3 of 2020. The report concluded that previously around 7% of the brand phishing attempts were made on Microsoft’s name but in the last quarter the number has jumped up to 19%.
The vulnerable list of brand sites that were attacked through phishing includes the likes of DHL, Google, Paypal, and Netflix apart from Microsoft. The report reveals that DHL has now entered the list of top 10 for the first time and it is followed by Google, Paypal, Netflix, Facebook, and others. It was observed that websites of the technology industry were the most targeted ones. Social media sites were followed by the banking sector and delivery based eCommerce sectors.
Speaking about the types of phishing attacks, the report conveys that most attacks were conducted through email. The report specifies that around 44% of phishing attacks were delivered through emails in the third quarter of 2020. Similarly, 43% of phishing attack was conducted via web and 12% was conducted via mobile.
It seems that the attackers are trying to take advantage of the status quo where more people are working from home. Note that the use of social media, online delivery service, and online payment systems multiplied during the outbreak of pandemic so the attackers are trying to utilize this for phishing.