Fake Websites a Common Attack Vector
According to Check Point, in a brand phishing attack criminals try to imitate the official website of a well-known brand by using a similar domain name or URL and a web-page design that resembles the genuine site. The link to the fake website can be sent to targeted individuals by email or text message, a user can be redirected during web browsing, or it may be triggered from a fraudulent mobile application.
Below are the top brands ranked by their overall appearance in brand phishing attempts:
- Microsoft (29%)
- Google (19.5%)
- Apple (5.2%)
- Wells Fargo (4.2%)
- Amazon (4%)
- Walmart (3.9%)
- Roblox (3.8%)
- LinkedIn (3%)
- Home Depot (2.5%)
- Facebook (2.1%)
Recent Phishing Activity Examined
Earlier this year, Check Point warned of an upward trend that saw phishing campaigns leveraging the finance industry. For example, Wells Fargo bank took fourth place this quarter due to a series of malicious emails requesting account information.
Here are some examples of phishing activity during the quarter:
Microsoft
The campaign involved deceptive emails which were sent allegedly from inside the company with sender names such as “Microsoft on <company domain>”. The subject line of these phishing emails was "RE: Microsoft account unusual sign-in activity" and they claimed to have detected unusual sign-in activity on the recipient's Microsoft account.
To address this supposed security concern, the phishing emails urged recipients to review their recent activity by clicking on a provided link which leads to malicious websites unrelated to Microsoft.
LinkedIn
The email falsely claimed to be from “LinkedIn” and had the subject line "Revise PO June - Order Sheet." It aimed to deceive recipients into clicking on a malicious link by disguising it as a report.
Wells Fargo
The email was sent from the address "29@9bysixcoza" and appeared to be from “Wellsfargo Online”. It had the subject line "Verification Required" and aimed to trick recipients into providing their account information by claiming that certain details were missing or incorrect.
Walmart
The email was sent from the address “info@chatpoodinfo” and had the subject line "Walmart eGift Card Waiting." The purpose of this fraudulent email was to deceive recipients by offering them a $500 Walmart Gift Card as a token of appreciation for their loyalty.
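The campaigns above share one detectable trait: a brand named in the display name or subject while the sending domain has nothing to do with that brand. The following is an added example, not code from Check Point or from the original article, showing a mail-triage check for that mismatch; the brand-to-domain table, the function names and the sample headers (including the invented addresses for the Microsoft and LinkedIn cases) are assumptions constructed for illustration.

```python
import re
from email.utils import parseaddr

# Assumption: each brand's legitimate sending domains (illustrative, not exhaustive).
BRAND_DOMAINS = {
    "microsoft": {"microsoft.com"},
    "linkedin": {"linkedin.com"},
    "wellsfargo": {"wellsfargo.com"},
    "walmart": {"walmart.com"},
}

def _squash(text):
    """Lowercase and keep only letters/digits, so 'Wells Fargo' matches 'Wellsfargo'."""
    return re.sub(r"[^a-z0-9]", "", text.lower())

def brands_claimed(text):
    """Brands from the table that appear anywhere in the given text."""
    squashed = _squash(text)
    return {brand for brand in BRAND_DOMAINS if brand in squashed}

def domain_allowed(domain, allowed):
    """Exact match or a true subdomain; 'linkedin.com.example.net' must not pass."""
    domain = domain.lower().rstrip(".")
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def check_message(from_header, subject=""):
    """Return brands named in the display name or subject that the sender domain does not belong to."""
    display, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2]
    claimed = brands_claimed(display) | brands_claimed(subject)
    return sorted(b for b in claimed if not domain_allowed(domain, BRAND_DOMAINS[b]))

# Constructed samples: subjects, sender names and the two quoted addresses follow
# the article; every other address is invented for this example.
SAMPLES = [
    ('"Wellsfargo Online" <29@9bysixcoza>', "Verification Required"),
    ("info@chatpoodinfo", "Walmart eGift Card Waiting"),
    ('"Microsoft on example.com" <notify@mail.example.net>',
     "RE: Microsoft account unusual sign-in activity"),
    ('"LinkedIn" <po@linkedin.com.example.net>', "Revise PO June - Order Sheet"),
    ('"LinkedIn" <jobs@e.linkedin.com>', "Your weekly digest"),
]

if __name__ == "__main__":
    for from_header, subject in SAMPLES:
        hits = check_message(from_header, subject)
        print(("FLAG " + ",".join(hits)) if hits else "ok", "|", from_header, "|", subject)
```

A hit is a triage signal to weigh alongside SPF, DKIM and DMARC results, since any message that merely mentions a brand in its subject will also match.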