Last year, Apple customers were the number one target for phishing attempts, scammers sending emails with links to fake Apple websites in an attempt to get their hands on Apple ID credentials.
Security company Check Point said that’s changed this year, and Apple is now only 7th on the list …
This year, Google and Amazon customers are the top targets, each at 13% of all phishing attempts, with Apple now down to just 2%.
‘Brand phishing’ involves the attacker imitating an official website of a known brand by using a similar domain or URL, and usually a web page similar to the original website. The link to the deceptive website can be sent via email or text message, a user can be redirected during web browsing, or it may be triggered from a fraudulent mobile application. In many cases the website contains a form intended to steal credentials, personal information or payments.
Check Point Research’s latest Brand Phishing Report for Q2 2020 shows that Google and Amazon were the most imitated brands in phishing attempts, while Apple (the leading phishing brand in Q1) fell to 7th place from the top spot in Q1. The total number of Brand Phishing detections remains stable compared to Q1 2020.
Email phishing exploits were the second most common type after web-based exploits, compared to Q1 where email was third. The reason for this change may be the easing of global Covid-19 related restrictions, which have seen businesses re-opening and employees returning to work.
The coronavirus crisis may also explain the change in brand imitation. Lockdowns have seen more people using Google cloud products for collaboration while working from home, and Amazon has of course seen a substantial boost in online shopping.
There was one major attempt to phish Apple customers, however.
During late June we witnessed a fraudulent website which was trying to imitate the login page of Apple’s cloud services, iCloud. The purpose of this website (example below), is to try and steal iCloud login credentials and is listed under the domain “account-icloud.com”. The domain was first active in late June 2020 and registered under the IP – 184.108.40.206, located in Russia.
Both browser companies and the web hosting company responded quickly, browsers warning that it was a deceptive website, and the host company then suspending it.
The top brands for phishing attempts in Q2 were:
The best way to protect yourself is to never click on links sent via email, even if they appear genuine. Always use your own bookmarks, a Google search, or type in a known URL (not the one in the email) manually. Common ploys used by scammers are emails which claim your account is in danger of being suspended or closed; that you need to update your login details; that you need to confirm or refute an expensive purchase (a very common attack method with Apple customers); or act quickly to claim a too-good-to-be-true offer.