By 2020, you’ve probably already received an email from a well-known company, such as Apple or Facebook, telling you that your account has some issue or confirming a payment of some sort (that you haven’t made). The email address it was sent from looks just like the company’s email, the design of the message matches previous emails from the company, and the company website in the link looks real as well.
Everything seems pretty much right. However, this can be a typical phishing email, or more specifically, a brand phishing attempt. The intention of this kind of email is to get the user to enter their credentials on the supposedly real website, so that the attacker can steal their personal information and, oftentimes, payment details.
According to Check Point Research analyses, Facebook led the top 10 phishing brands during Q4 2019, with Technology being the top industry in which attackers try to imitate brands.
“Cybercriminals are using a variety of attack vectors to trick their intended victims into giving up personal information and login credentials. Although this is often done using spam emails, we have also seen attackers obtain credentials to email accounts, study their victim for weeks and craft a targeted attack against partners and customers to steal money,” said Maya Horowitz, Director, Threat Intelligence & Research, Products at Check Point. “Over the last two years, incidences of this type of attack have spiked with the increased use of cloud-based email, which makes it easier for criminals to disguise themselves as a trusted party. Phishing will continue to be a growing threat in 2020.”
It has become virtually impossible nowadays to distinguish between a real and a fake email from a well-known company, especially one you’re likely a customer or member of, as the design, logo, and name seem so real. Knowing which emails deserve real attention is therefore quite tricky, but doable.