Date: 2020-04-15

NEW DELHI: Apple was the most impersonated brand name used in phishing scams in Q1 2020 as cybercriminals looked to capitalise on the spike in interest in the new Apple Watch, according to cybersecurity firm Check Point Research’s latest report on brand phishing. Netflix was the second most impersonated brand after Apple.

The report breaks down the phishing scams involving genuine brand names into three categories. In email-based phishing scams, accounting for 18% of all attacks, Yahoo, Microsoft, Outlook and Amazon were the most frequently used brand names. In web-based phishing scams, which formed the lion’s share of the attacks at 59%, Apple, Netflix and PayPal were the top three brand names. The share of mobile-based phishing scams was 23%, and Netflix, Apple and WhatsApp were the most imitated brands.

With millions staying indoors due to the Covid-19 pandemic, the time spent on video streaming platforms, particularly Netflix, has also surged. Using the opportunity, attackers have been increasingly using the Netflix brand name in phishing scams.

Using well-known brand names and other assets to trick users into opening malicious webpages is a common tactic of cybercriminals.

The attacker first imitates the official website of a known brand by registering a similar domain or URL and then deploys phishing tools to steal credentials, personal information or payment details from users. These links are sent to targets through email or text message or passed on through fraudulent mobile apps.

Many of these scams have tried to take advantage of the interest in Covid-19 and the novel coronavirus. For instance, in March, researchers at Check Point detected a fraudulent website that had imitated the Airbnb login page, giving updates on its services during the outbreak. The website was listed under the address hxxps://airbnb.id-covid19\.com/update/login\.php.

Similarly, several other fraudulent websites were detected trying to imitate login pages of banks. One such website, which was trying to steal login credentials of Chase Bank’s customers, was listed as chasecovid19s\.com. The attacker behind the website had several similar fraudulent domains such as chasecovid19v\.com and chasecovid19t\.com in the past.

Not every user knows how to differentiate between actual domains and fraudulent ones.
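The difference can be checked mechanically: a brand name that appears anywhere in a hostname means nothing unless the registrable domain (the part actually registered) belongs to the brand. The following Python sketch is an added example, not part of the Check Point report. The `OFFICIAL` allowlist, the function names and the simple last-two-labels rule for the registrable domain are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumed allowlist of each brand's official registrable domains (illustrative only).
OFFICIAL = {"airbnb": {"airbnb.com"}, "chase": {"chase.com"}, "netflix": {"netflix.com"}}

def refang(text):
    """Undo common defanging (hxxp, [.], backslash-dot) so the URL can be parsed."""
    text = text.strip().replace("[.]", ".").replace("\\.", ".")
    return re.sub(r"^hxxp", "http", text, flags=re.I)

def registrable_domain(host):
    """Naive approximation: the last two labels of the hostname.
    Assumption: production code should consult the Public Suffix List instead."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def classify(url):
    """Return (verdict, brand); verdict is 'official', 'lookalike' or 'unrelated'."""
    text = refang(url)
    if "://" not in text:
        text = "http://" + text          # bare domains need a scheme for urlsplit
    host = (urlsplit(text).hostname or "").lower()
    reg = registrable_domain(host)
    for brand, domains in OFFICIAL.items():
        if reg in domains:               # brand owns the registered domain
            return ("official", brand)
    for brand in OFFICIAL:
        # Brand string used in a subdomain or embedded in another registered name.
        # Substring matching over-flags unrelated words (e.g. "purchase" contains "chase").
        if brand in host:
            return ("lookalike", brand)
    return ("unrelated", None)

if __name__ == "__main__":
    # First three inputs are the defanged addresses quoted in the article; the last is a control.
    for sample in [r"hxxps://airbnb.id-covid19\.com/update/login\.php",
                   r"chasecovid19s\.com", r"chasecovid19v\.com",
                   "https://www.airbnb.com/login"]:
        print(sample, "->", classify(sample))
```

In the Airbnb case the brand name is only a subdomain label under a different registered domain, while in the Chase cases it is embedded in a longer registered name; both are reported as lookalikes.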

Phishing scams have been rising. A 2019 study by Verizon found that 32% of all global data breaches were carried out through phishing scams. Attackers are known to impersonate brand names of companies which are in the news and also have a huge user base.

