By 2020, you’ve probably already received an email from a well-known company, such as Apple or Facebook, telling you that your account has some issue or confirming a payment of some sort (that you haven’t made). The email address it was sent from looks just like the company’s email, the interface of the message matches previous emails from the company, and the company website in the link looks real as well.
Everything pretty much seems right. However, this can be a typical phishing email, or more specifically, a brand phishing attempt. The intention in this kind of email is to have the user enter their credentials on the supposedly real website and to steal their personal information and, oftentimes, payment.
So what are the top phishing brands?
According to Check Point Research analysis, Facebook leads the top 10 phishing brands in Q4 2019, with Technology being the top industry for which attackers try to imitate brands.
Top Phishing brands per platform:
Top brands industries:
“Cybercriminals are using a variety of attack vectors to trick their intended victims into giving up personal information and login credentials or transferring money. Although this is often done using spam emails, we have also seen attackers obtain credentials to email accounts, study their victim for weeks and craft a targeted attack against partners and customers to steal money,” said Maya Horowitz, Director, Threat Intelligence & Research, Products at Check Point. “Over the last two years, incidences of this type of attack have spiked with the increased use of cloud-based email, which makes it easier for criminals to disguise themselves as a trusted party. Phishing will continue to be a growing threat in 2020.”
How to protect yourself from brand phishing emails:
Nowadays it has become virtually impossible to distinguish between a real and a fake email from a well-known company, especially one you’re likely a customer or member of, as the design, logo, and name seem so real. Knowing which emails deserve your attention is therefore quite tricky, but doable.
Here are some tips to protect yourself from brand phishing attacks:
Trust your instinct that this may be a fake email. When an unusual email arrives from your bank saying your account has suddenly been closed, most people’s first reaction is that it makes no sense. Others may panic and senselessly follow the instructions in the email, which attempt to steal your information. Try to relax, don’t act hastily, and follow the next steps.
Check the email address of the sender. The sender name may say “Apple”, but when you click on it to see the full email address, it may be something completely different from a normal Apple email address, for example one that doesn’t end in @facebook.com or @apple.com.
Contact the real company directly, if you aren’t sure whether it’s real or not. Get their contact info by typing out their website or checking on Google.
Be wary of alarming content. Anything that urges you to act fast and sets deadlines, asks for your financial information, offers you a reward, or just seems overall fishy, is probably phish-y.
Install anti-phishing protection, such as ZoneAlarm Web Secure Free Chrome extension, an absolutely free extension that protects you from phishing attacks so you don’t have to worry about them. What’s so great about this extension? First, it prevents you from entering your credentials while it checks whether the potentially dangerous website or email you opened is safe. Only after it is deemed safe can you go ahead and enter your credentials.
It goes one step further and protects you from downloading malicious files as it sanitizes them from any harm, delivering you safe content with every download. Lastly, it makes sure you avoid dangerous sites in your search engine browsing and protects your privacy as it keeps your information safe from unauthorized sites (hence, it prevents them from storing cookies on your computer and delivering personalized ads).
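The "check the email address of the sender" tip above can be automated. The following is an added example, not part of the original article: it compares the brand a From header claims with the domain of the real address. The brand table, function names and sample headers are assumptions constructed for illustration.

```python
import re
from email.utils import parseaddr

# Brand -> domains it legitimately sends from (assumed for this example;
# the article names only @apple.com and @facebook.com).
BRAND_DOMAINS = {
    "apple": {"apple.com"},
    "facebook": {"facebook.com"},
}

def belongs_to(domain, official):
    """True for the official domain itself or a real subdomain of it."""
    return domain == official or domain.endswith("." + official)

def check_sender(from_header):
    """Return 'ok', 'mismatch' or 'no-brand-claimed' for a From header."""
    display, addr = parseaddr(from_header)
    domain = addr.rsplit("@", 1)[1].lower().rstrip(".") if "@" in addr else ""
    # Whole words in the display name and whole labels in the domain, so
    # "Pineapple" is not mistaken for a claim to be Apple.
    tokens = set(re.findall(r"[a-z0-9]+", (display + " " + domain).lower()))
    claimed = [brand for brand in BRAND_DOMAINS if brand in tokens]
    if not claimed:
        return "no-brand-claimed"
    for brand in claimed:
        # The domain must END with the official domain: a header using
        # "apple.com.account-verify.example" only starts with it.
        if not any(belongs_to(domain, d) for d in BRAND_DOMAINS[brand]):
            return "mismatch"
    return "ok"

# Constructed sample headers (not taken from real messages).
SAMPLES = [
    '"Apple" <no-reply@apple.com>',
    'Apple <id@email.apple.com>',
    '"Apple Support" <support@apple.com.account-verify.example>',
    '"Facebook" <security@faceb00k-mail.example>',
    'Bob <bob@example.org>',
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{check_sender(header):17} {header}")
```

A result of "ok" only means the visible address matches the brand's domain; the From header itself can be forged, so it is not proof that the message is genuine.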
As brand phishing is only growing and getting more sophisticated, make sure to stay alert and take advantage of the tips and information provided here to protect yourself.