Scammers are now targeting Google and Amazon customers the most frequently with brand phishing attacks, according to a new report.

A recent study by security company Check Point found that Google and Amazon customers tie for the most phishing attacks aiming to steal their personal information at 13% of total attacks during the second quarter of this year. Other brands that top the list include WhatsApp and Facebook, which tied for third place with each at 9%; Microsoft at 7%; Outlook at 3%; and Netflix, Huawei, PayPal and Apple all coming in at 2%.

The second quarter is in stark contrast to the first quarter of the year, where Apple held the No. 1 spot on the list in brand phishing attempts.

Experts suggest the change in brands used in phishing attempts is based on the current coronavirus pandemic. They said work-from-home environments mean many employees are using Google cloud products in order to collaborate with colleagues while Amazon has seen a large increase with many people shopping online from home.

The report also broke down the different attack platforms for brand phishing campaigns with web-based attacks comprising 61%, emails accounting for 24% and mobile brands making up 15%.

How to Help Prevent a Phishing Scam

While cybercriminals aim to make messages look like they are coming from an official brand, there are things you can look out for to help recognize a phishing attempt. Common features of phishing attacks include:

  • There are spelling and grammatical errors: These errors are one way to tell if a message is fraudulent as large brands rarely send out communications to customers with spelling or grammatical errors.
  • The message requests personally identifiable information: Messages requesting login credentials or personal information should be verified directly with the company.
  • The message is time-sensitive: A scammer’s goal is to make you act quickly, without taking the time to review a message and verify its authenticity. Fraudulent messages might threaten to close your account or provide another sense of urgency.
  • The offer seems too good to be true: A message claiming you’ve won a prize or they are refunding a purchase you never made are suspicious and should be verified.
  • The sender’s email address isn’t correct: Scammers can send an email that has a slight variation from the brand’s actual email address in an attempt to look authentic.
  • You receive an unexpected attachment or hyperlink: An attachment and link can be a cybercriminal’s attempt at a malware or ransomware attack to steal your information or take control of your device.
  • Something seems off: If you receive a message from a brand that doesn’t seem right, trust your instincts and verify the communication is from the company.