The COVID-19 pandemic has spurred spoofing preference changes, with also an increase in email-based attacks.
Google & Amazon overtook Apple in the 2nd quarter (Q2) of 2020 as the brand most spoofed by attackers to tempt people into falling for phishing attacks. The change is likely due to activity related to the COVID-19 pandemic, says new research.
Stable
While the no. of so-called brand-phishing attacks remained stable from the 1st quarter of 2020 to the 2nd, there was a major shift in position for the companies that threat actors think people are most likely to trust, or whose pages they will most likely click on, says Check Point Research’s Brand Phishing Report for Q2.
Brand phishing is a type of attack in which a threat player imitates an official website of a known brand by using a similar domain or URL in an attack, as well as in some cases a copycat web page similar or identical to the actual company’s original website in look &feel.
Attackers also began using email increasingly as a vector in these types of attacks in Q2, likely inspired by the amount of people relying on virtual communication while working at home during the COVID-19 pandemic, noted Check Point Manager of Threat Intelligence, Lotem Finkelsteen.
“As we are all forced to work from home, the inbox is a prime attack method for hackers,” he observed. “I’d think not twice, but 3 times before opening up a document in email, especially if it’s allegedly from Google or Amazon.”
Malicious & Deceptive
Attackers send malicious & deceptive links via email or text messaging, & then guide a potential victim via web redirects or a fraudulent mobile app to a spoofed page, where they try to steal credentials, personal information, or intercept payments.
Technology companies were the No. 1 industry for attackers to target in such attacks, followed by banking & social networks. In the first quarter of 2020, Apple was the most popular brand among attackers in the tech sector for luring phishing victims.
Top Spot
However, in the 2nd quarter, Google had the top spot alongside Amazon with each brand used in 13% of attacks in Check Point’s data, followed by WhatsApp & Facebook (9%), Microsoft (7%) and Outlook (3%), observes the report.
Apple went to the No. 7 spot, shared with Netflix, Huawei & PayPal, all of which were represented in 2% of brand-phishing attacks.
The end of the 2nd quarter encompassed the early days of the COVID-19 crisis, with many countries around the world enforcing stay-at-home orders, which could explain for the change in preference by attackers.
Seeking Information
With people confined at home & seeking information about Coronavirus, Google, as the top search engine, would become even more popular than usual.
Using Amazon to purchase goods for delivery, as many stores were closed or had limited opening hours in the beginning of Q2, also has seen a massive surge since the pandemic started, driving more interest in that brand as well. Indeed, researchers saw a pair of recent phishing campaigns aimed at lifting credentials, & other personal information under the guise of Amazon package-delivery notices.
Shift
Q2 also saw a shift in the specific vectors being used for attacks. As is typical, the web was the main conduit for brand phishing attacks, with 61% of them originating there. However, email, which was 3rd in Q1, moved to the 2nd spot in the following quarter with 24% of attacks, & mobile dropped to 3rd with 15% of attacks, researchers confirmed.
For so many people also relying on email as they worked from home during the pandemic, as businesses began to reopen near the end of Q2 the easing of restrictions increased email traffic as a method for attack, says Check Point.
Phishing Campaign
One phishing campaign in June took advantage of this, along with the post-COVID-19 work environment by seeming to send Coronavirus training resources to employees returning to work. Instead, the emails sent malicious links.
The overall leaders, Google & Amazon, were the top 2 also used the most in web attacks, followed by WhatsApp; while Microsoft & Outlook, not surprisingly, were No. 1 & 2 in email-based attacks, followed by Unicredit. Facebook, WhatsApp & PayPal were the leaders in mobile-based brand phishing attacks in Q2, stated the report. Almost 15% of phishing attacks are traced to mobile, it was observed.
False Website
The brand-phishing efforts show no sign of stopping. During late June, Check Point researchers witnessed a false website which was trying to imitate the login page of Apple’s cloud services, iCloud.
The reason for this was to try & steal iCloud login credentials & accordingly, the phishing URL was listed under the domain account-icloud[.]com. The domain was 1st active late June.
