The widespread move to remote working pushed Microsoft & Amazon to the top of the pile for cyber-criminals to use as so-called ‘lures’ in the 3rd quarter.
Microsoft is at the top when it comes to hacker impersonations, with Microsoft products & services featuring in nearly a 5th of all global brand phishing attacks in the 3rd quarter of 2020.
That’s according to Check Point, which found that the computing giant leapt from 5th place in the 2nd quarter (accounting for 7% of attacks) to 1st place for the quarter ended in Sept., as phishers continue to capitalise on remote workforces created by the coronavirus pandemic.
Top 10 Rankings
Behind Microsoft (related to 19% of all phishing attempts globally) were: shipping company DHL (9 %); Google (9%); PayPal (6%); Netflix (6%); Facebook (5%); Apple (5%); WhatsApp (5%); Amazon (4%); & Instagram (4%).
“For the first time in 2020, DHL entered the top 10 rankings,” observes the report, issued Mon.
The firm’s analysis also found that 44% of all phishing attacks were delivered by email, followed by web (43%) & mobile (12%).
The top 3 phishing brands exploited by email phishing attacks were Microsoft, DHL & Apple; on the web, it was Microsoft, Google & PayPal; & for mobile, WhatsApp, PayPal & Facebook in the top positions.
“Remote workers are a focal point for hackers,” observed Omer Dembinsky, Manager of Data Threat Intelligence at Check Point, in a statement.
“Companies globally have their employees working remotely because of the Coronavirus pandemic, possibly for the 1st time ever. There are currently billions of people now working remotely, many of them doing so for the 1st time in their lives.
The sudden change has left many companies & remote workers unprepared to handle the latest cyber-attacks. Hackers, sensing a big opportunity, are imitating the brand most known for work: Microsoft.”
In terms of top phishing attempts, during mid-Aug., Check Point researchers witnessed a malicious phishing email trying to steal credentials of Microsoft accounts. The attacker was trying to lure the victim to click on a malicious link which redirected the user to a fraudulent Microsoft login page.
Also, of note, during Sept., Check Point researchers noticed a malicious phishing email which was allegedly sent by Amazon & was trying to steal user’s credit information.
The email said that the user’s account was disabled due to too many log-in failures & pointed the user to a fraudulent Amazon Billing Centre website in which the user is instructed to enter billing information.
Since the coronavirus pandemic, Amazon has seen ‘explosive’ growth, as many rely on the e-commerce giant for goods throughout quarantined periods. Accordingly, hackers have made efforts to exploit Amazon’s popularity during the pandemic.
He further added, “I expect Microsoft imitations to continue as we turn the new year. I encourage remote workers to be extra cautious when receiving an email. If you get an email about your ‘Microsoft’ account, I would have my guard up.”