Social engineering is one of the tools cybercriminals use most to do harm on the internet, and impersonating well-known companies, with which the user has quite likely contracted a service, is among their favorite "tricks". The cybersecurity company Check Point has published its Brand Phishing Report for the last quarter of 2020, which analyzes the brands most imitated by cybercriminals in October, November and December.
“Cybercriminals increased their attempts to steal personal data in the fourth quarter of 2020 by posing as leading brands, although our data clearly shows how they modify their phishing tactics to increase their chances of success,” says Maya Horowitz, Director of Intelligence and threat and product investigation at Check Point.
The term "brand phishing" refers to cyber scams in which the criminal pretends to be a company. It can be carried out by SMS, WhatsApp message or email, or even by phone call. Typically the goal is to convince the victim to click on a hyperlink that redirects them to a malicious page, which normally copies the official page of the company being impersonated. There are also cases in which the link actually hides the download of a computer virus. Be that as it may, the objective is to steal the user's personal and banking data without them knowing.
In the fourth quarter of 2020, according to Check Point, Microsoft remained the brand most used by cybercriminals: 43% of all brand phishing attempts used the tech giant as a hook, an increase of 19% compared to the third quarter. This shows that cybercriminals targeted users who were telecommuting during the second wave of the Covid-19 pandemic. DHL, for its part, remained the second most imitated brand (18%), probably because of the online shopping season typical of November and December, especially during the pandemic.
“As always, we advise users to exercise caution when sharing personal data and credentials, as well as think twice before opening email attachments or links, especially from those claiming to come from companies such as Microsoft or Google, which are more likely to be spoofed,” says Horowitz.
Malicious websites used by cybercriminals often have a domain name or address and a layout similar to those of the official website. The link to the fake website can be sent via email or SMS to specific people, a user can be redirected to it while browsing the web, or it can be triggered from a fraudulent mobile application. The fake website often contains a form intended to steal users' credentials, billing information, or other personal information.
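
The similar-domain pattern described above can be checked mechanically before a link is trusted. The following is an added example, not code from Check Point or the report: it classifies a link's host against the brands named in the article. The allowlist, the character-folding table and the sample links are constructed assumptions, and the last two host labels are treated as the registrable domain.

```python
from urllib.parse import urlsplit

# Assumption: one official registrable domain per brand named in the report.
OFFICIAL = {"microsoft": "microsoft.com", "dhl": "dhl.com", "google": "google.com"}
# Digit-for-letter swaps folded away before comparing (constructed, not exhaustive).
FOLD = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url):
    """Return (verdict, brand); verdict is 'official', 'lookalike' or 'unrelated'."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    labels = host.split(".")
    # Simplification: last two labels = registrable domain. A production
    # check would consult the Public Suffix List instead.
    registrable = ".".join(labels[-2:])
    for brand, domain in OFFICIAL.items():
        if registrable == domain:
            return ("official", brand)
    for brand in OFFICIAL:
        for label in labels:
            # Fold look-alike characters ("rn" reads as "m"), split on hyphens.
            tokens = label.translate(FOLD).replace("rn", "m").split("-")
            if brand in tokens:  # brand name used inside a foreign domain
                return ("lookalike", brand)
            # Fuzzy match only for longer names; short ones give false hits.
            if len(brand) >= 6 and any(edit_distance(t, brand) <= 1 for t in tokens):
                return ("lookalike", brand)
    return ("unrelated", None)

# Constructed sample links (reserved .example names, not real indicators).
SAMPLES = [
    "https://login.microsoft.com/common",
    "http://microsoft.com.account-verify.example/login",
    "https://rnicr0soft.example/",
    "https://dhl-tracking.example/parcel",
    "https://gooogle.example/signin",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(classify(url), url)
```

A one-domain-per-brand allowlist will flag legitimate secondary domains a brand also operates, so in practice the allowlist has to list every domain the organisation actually uses.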