A new study by Check Point Research shows that cyber criminals are using well-known brands to lure victims into clicking on nefarious links, providing personal information or credentials, or getting users to transfer money.
This is an old malware trick that we used to see and now recognize. Scammers send a phishing email after copying and pasting the logo of Federal Express, UPS or a bank, and request that the recipient click on a link or provide a payment.
The criminals are using other brands now, and according to Check Point Research, in the last quarter of 2019, the brands used most often to target victims with phishing emails included Facebook (18 percent of all phishing attempts globally), Yahoo (11 percent), Netflix (5 percent), PayPal (5 percent), Microsoft (3 percent), Spotify (3 percent), Apple (2 percent), Google (2 percent), Chase (2 percent) and Ray-Ban (2 percent). Although the percentages seem small, remember that these are global statistics. That is a lot of phishing emails using those brands.
At one point, the imitation of Microsoft got so bad that Microsoft issued a warning to U.S. officials, think tanks, peace organizations, university staff, and individuals working on nuclear technology to beware of phishing emails targeting them by fraudsters using Microsoft’s brand.
The trick is the same—the fraudsters transpose one letter in the email address or delete one letter to make someone think it is real and not notice the transposed or missing letter.
Phishing emails continue to be the most frequent attack vector of ransomware attacks, so reading emails with an eagle eye, scrutinizing anything received through email, and being wicked paranoid is crucial to protecting personal and business systems.