Hackers imitated Microsoft the most to lure people into giving up their personal data or payment credentials in the third quarter of this year, a new report by researchers at cybersecurity firm Check Point said on Monday.
As cybercriminals sought to capitalize on large numbers of employees still working remotely, Microsoft appeared in 19 percent of all brand phishing attempts globally, said the Brand Phishing Report for Q3 2020 by Check Point Research.
In a brand phishing attack, criminals try to imitate the official website of a well-known brand by using a similar domain name or URL and web-page design to the genuine site.
The link to the fake website can be sent to targeted individuals by email or text message, a user can be redirected during web browsing, or it may be triggered from a fraudulent mobile application.
The fake website often contains a form intended to steal users’ credentials, payment details or other personal information.
Microsoft rose from fifth place in Q2 to the top place in Q3 for brand phishing attacks.
In the brand phishing report for Q3, Microsoft was followed by DHL, Google, PayPal, Netflix, Facebook, Apple, WhatsApp, Amazon, and Instagram.
For the first time in 2020, DHL entered the top 10 rankings, taking the second spot with 9 percent of all phishing attempts related to the company.
“Remote workers are a focal point for hackers. Companies globally have their employees working remotely because of the coronavirus pandemic, possibly for the first time ever.
“There are currently billions of people now working remotely, many of them doing so for the first time in their lives. The sudden change has left many companies and remote workers unprepared to handle the latest cyber attacks,” Omer Dembinsky, Manager of Data Threat Intelligence at Check Point said in a statement.
“Hackers, sensing a big opportunity, are imitating the brand most known for work: Microsoft. I expect Microsoft imitations to continue as we turn the new year,” Dembinsky said, adding that remote workers should be extra cautious when receiving an email about their “Microsoft” account.
During Q3, email phishing was the most prominent type of brand phishing platform, accounting for 44 percent of attacks, closely followed by web phishing (43 percent), which was the second most attacked platform compared to Q2, where it ranked first.
The top phishing brands exploited by email phishing attacks were Microsoft, DHL, and Apple, respectively, said the report.
