EXECUTIVE SUMMARY:

By 2020, you’ve probably already received an email from a well-known company, such as Apple or Facebook, telling you that there is an issue with your account or confirming a payment of some sort (that you haven’t made). The sender’s address looks just like the company’s, the layout of the message matches previous emails from the company, and the company website behind the link looks real as well.

Everything seems pretty much right. However, this can be a typical phishing email, or more specifically, a brand phishing attempt. The aim of this kind of email is to get the user to enter their credentials on the supposedly real website, and to steal their personal information and, oftentimes, payment details.

So what are the top phishing brands?

According to Check Point Research analyses, Facebook led the top 10 phishing brands during Q4 2019, with Technology being the top industry whose brands attackers try to imitate.

Infographic listing the top phishing brands

 

“Cybercriminals are using a variety of attack vectors to trick their intended victims into giving up personal information and login credentials. Although this is often done using spam emails, we have also seen attackers obtain credentials to email accounts, study their victim for weeks and craft a targeted attack against partners and customers to steal money,” said Maya Horowitz, Director, Threat Intelligence & Research, Products at Check Point. “Over the last two years, incidences of this type of attack have spiked with the increased use of cloud-based email, which makes it easier for criminals to disguise themselves as a trusted party. Phishing will continue to be a growing threat in 2020.”

How to protect yourself from brand phishing emails:

Nowadays it has become virtually impossible to tell a real email from a fake one when it claims to come from a well-known company, especially one you’re likely a customer or member of, because the design, logo, and name seem so real. Knowing which emails deserve your attention is therefore quite tricky, but doable.

Here are some tips to protect yourself from brand phishing attacks:

  • Trust your instinct that this may be a fake email. When an unusual email arrives from your bank saying your account has suddenly been closed, most people’s first reaction is that it makes no sense. Others may panic and blindly follow the instructions in the email, which are designed to steal your information. Try to relax, don’t act hastily, and follow the next steps.
  • Check the email address of the sender. The name may say “Apple”, but when you click on it to see the full email address, it may be something completely different from a normal Apple address, i.e. it doesn’t end in @apple.com (or, for a Facebook email, in @facebook.com).
  • Contact the real company directly if you aren’t sure whether the email is real. Get their contact info by typing out their website address or checking on Google.
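
The sender check from the second tip can also be automated. The following Python sketch is an added example, not part of the original article or any Check Point tool: it compares the brand named in the display name with the domain of the actual address. The brand-to-domain map, the function names and the sample headers are assumptions constructed for illustration.

```python
from email.utils import parseaddr

# Assumption for this example: each brand's legitimate sender domains.
# Only the two domains named in the tip above are listed.
BRAND_DOMAINS = {
    "apple": {"apple.com"},
    "facebook": {"facebook.com"},
}

def sender_domain(from_header: str) -> str:
    """Return the lower-cased domain of the address in a From: header."""
    _, addr = parseaddr(from_header)
    return addr.rpartition("@")[2].lower().rstrip(".")

def belongs_to(domain: str, allowed: set) -> bool:
    """True only for an allowed domain or a true subdomain of one.

    A plain substring or prefix test would accept lookalikes such as
    apple.com.account-verify.example, so only the suffix is compared.
    """
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def check_sender(from_header: str) -> str:
    """Classify a From: header as 'no_brand', 'consistent' or 'mismatch'."""
    display_name, _ = parseaddr(from_header)
    claimed = [b for b in BRAND_DOMAINS if b in display_name.lower()]
    if not claimed:
        return "no_brand"
    domain = sender_domain(from_header)
    if domain and any(belongs_to(domain, BRAND_DOMAINS[b]) for b in claimed):
        return "consistent"
    return "mismatch"

# Constructed sample headers (not taken from real messages).
SAMPLES = [
    "Apple <no_reply@email.apple.com>",
    "Apple Support <support@apple.com.account-verify.example>",
    "Facebook <security@facebook-com.example>",
    "Apple ID <billing@app1e.example>",
    "Jane Doe <jane@mail.example>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{check_sender(header):10}  {header}")
```

A "consistent" result only means the display name and the address agree; the From header itself can be forged, so the remaining tips still apply.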
