Scammers are now targeting Google and Amazon customers the most frequently with brand phishing attacks, according to a new report.

A recent study by security company Check Point found that Google and Amazon customers tie for the most phishing attacks aiming to steal their personal information at 13% of total attacks during the second quarter of this year. Other brands that top the list include WhatsApp and Facebook, which tied for third place with each at 9%; Microsoft at 7%; Outlook at 3%; and Netflix, Huawei, PayPal and Apple all coming in at 2%.

The second quarter is in stark contrast to the first quarter of the year, where Apple held the No. 1 spot on the list in brand phishing attempts, according to Check Point.

Experts suggest the change in brands used in phishing attempts is based on the current coronavirus pandemic. They said work-from-home environments mean many employees are using Google cloud products in order to collaborate with colleagues while Amazon has seen a large increase with many people shopping online from home.

The report also broke down the different attack platforms for brand phishing campaigns with web-based attacks comprising 61%, emails accounting for 24% and mobile brands making up 15%.

How to Help Prevent a Phishing Scam

While cybercriminals aim to make messages look like they are coming from an official brand, there are things you can look out for to help recognize a phishing attempt. Common features of phishing attacks include:

  • There are spelling and grammatical errors: These errors are one way to tell if a message is fraudulent as large brands rarely send out communications to customers with spelling or grammatical errors.
  • The message requests personally identifiable information: Messages requesting login credentials or personal identifiable information should be verified directly with the company.
  • The message is time-sensitive: A scammer’s goal is to make you act quickly, without taking the time to review a message and verify its authenticity. Fraudulent messages might threaten to close your account or provide another sense of urgency.
  • The offer seems too good to be true: A message claiming you’ve won a prize or they are refunding a purchase you never made are suspicious and should be verified.
  • The sender’s email address isn’t correct: Scammers can send an email that has a slight variation from the brand’s actual email address in an attempt to look authentic.
  • You receive an unexpected attachment or hyperlink: An attachment and link can be a cybercriminal’s attempt at a malware or ransomware attack to steal your information or take control of your device.
  • Something seems off: If you receive a message from a brand that doesn’t seem right, trust your instincts and verify the communication is from the company.