Facebook was the most imitated brand when it came to phishing attempts in the fourth quarter of 2019, according to a new report by Check Point Research. A phishing attempt is one where cyber criminals try to trick a user into giving up security information such as passwords, credit card details, date of birth, answers to security questions, etc. Phishing attempts can arrive via a fraudulent email that looks authentic, a copy of a brand’s website, or text messages with malicious links.
As the Check Point report shows, Facebook appears to be the most popular choice globally, and nearly 18 per cent of all brand-related phishing attempts were based on the social network. What this means is that, for scammers, creating a fake Facebook website was one of the preferred ways of stealing information from users.
So why is Facebook the most used when it comes to phishing scams on the internet? Blame it on the popularity.
“As a website with perhaps the most registered users in the world, Facebook would definitely be a major target by attackers, and also has a huge amount of potential users that could fall victim to such attacks,” Omer Dembinsky, Data Research Team Leader, Threat Intelligence and Research Area at Check Point Software Technologies Ltd told indianexpress.com in an email.
Check Point’s report also notes that the fourth quarter, which is a holiday season across the globe and one of the busiest for online shopping, is when cyber criminals get active and try to trick users. And despite all the awareness around phishing, it remains one of the most popular tools to steal data from users.
Other brands frequently imitated in phishing attempts are Yahoo (10%), Netflix (5%), PayPal (5%), Microsoft (3%), Spotify (3%), Apple (2%), Google (2%), Chase (2%) and Ray-Ban (2%).
In a brand phishing attack, criminals imitate the official website of a well-known brand. The domain name is similar, the URL and user interface are also similar to the original website. Very often criminals create websites which can fool even experienced users. The fake website often contains a form intended to steal users’ credentials, payment details or other personal information.
The links are sent by email or text message, or sometimes triggered from a fraudulent mobile application, according to Check Point.
Check Point’s report showed that in email-based phishing scams, which comprised 27 per cent of all phishing attacks during the quarter, shopping brands were the preferred vector. Web-based phishing attacks were around 48 per cent during the quarter, and scammers relied on using brand names like Spotify, Microsoft, PayPal and Facebook to trick users.
For mobile-based phishing attacks, which were 25 per cent in the quarter, scammers preferred to use brands like Chase Mobile Banking, Facebook, Apple and PayPal.
How to avoid phishing scams
According to Dembinsky, users should always verify if the link that they are using is from an authentic source. He explains further, “One way to do this is not to click on promotional links and emails, and instead Google your desired website and click the link from the Google results page.”
He also warns that users should beware of “special” offers. For example, “an 80 per cent discount on the new iPhone is usually not a reliable or trustworthy purchase opportunity.” So yes, users should exercise caution and not click on a link if the deal sounds too good to be true.
Other things that users should look out for are lookalike domains, spelling errors in emails or websites, and unfamiliar email senders. So if Facebook is spelled as Facebok in the URL, then it is probably a fake website. Users should always look for the padlock symbol before a URL as well.
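The lookalike-domain check described above can also be automated on the defender's side, for example in a mail gateway or link scanner. The following Python example is added here and is not from the article or Check Point's report; the brand-to-domain table, the function names and the sample URLs are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Brands named in the report; the domains are assumptions added for this example.
BRANDS = {
    "facebook": "facebook.com", "yahoo": "yahoo.com", "netflix": "netflix.com",
    "paypal": "paypal.com", "microsoft": "microsoft.com", "spotify": "spotify.com",
    "apple": "apple.com", "google": "google.com", "chase": "chase.com",
}
# Digit-for-letter swaps folded before comparing (0->o, 1->l, 3->e, 5->s).
FOLD = str.maketrans("0135", "oles")

def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            d = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                d = min(d, prev2[j - 2] + 1)  # adjacent letters swapped
            cur.append(d)
        prev2, prev = prev, cur
    return prev[-1]

def check_url(url):
    """Return (verdict, brand); verdict is 'genuine', 'lookalike' or 'unknown'."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    labels = host.split(".")
    # Naive registrable domain = last two labels (assumption); production
    # code should consult the Public Suffix List instead.
    registrable = ".".join(labels[-2:])
    core = labels[-2] if len(labels) >= 2 else host
    for brand, real in BRANDS.items():
        if registrable == real:
            return ("genuine", brand)
    tokens = set(labels[:-2]) | set(core.split("-"))
    folded = core.translate(FOLD)
    for brand in BRANDS:
        # Near-miss spelling ("facebok"), or the brand name used as a
        # subdomain label or hyphenated token on an unrelated domain.
        if osa_distance(folded, brand) <= 1 or brand in tokens:
            return ("lookalike", brand)
    return ("unknown", None)

# Constructed sample URLs (not taken from the report).
SAMPLES = ["https://www.facebook.com/login", "http://facebok.com/",
           "https://paypa1.com/signin", "https://facebook.com.verify.example/"]
if __name__ == "__main__":
    for u in SAMPLES:
        print(u, check_url(u))
```

A distance threshold of 1 is a heuristic: short brand names such as "apple" or "chase" sit one edit away from ordinary words, and multi-label suffixes such as .co.uk need the Public Suffix List, so hits should be treated as candidates for review rather than verdicts.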
What to do if you fall victim to a phishing scam online?
“It would be recommended to change passwords to the relevant websites, and if financial transactions were involved also contact the relevant service/card/bank to try and cancel it. For more severe cases the police should be involved,” Dembinsky notes regarding victims of phishing scams.
“Over the last two years, incidences of this type of attack have spiked with the increased use of cloud-based email, which makes it easier for criminals to disguise themselves as a trusted party. Phishing will continue to be a growing threat in 2020,” Maya Horowitz, Director, Threat Intelligence and Research, Check Point Software Technologies said of the report.