Scammers are now targeting Google and Amazon customers the most frequently with brand phishing attacks, according to a new report.
A recent study by security company Check Point found that Google and Amazon customers tie for the most phishing attempts aiming to steal their personal information at 13% of total attacks during the second quarter of this year. Other brands that top the list include WhatsApp and Facebook, which tied for third place with each at 9%; Microsoft at 7%; Outlook at 3%; and Netflix, Huawei, PayPal and Apple all coming in at 2%.
The second quarter is in stark contrast to the first quarter of the year, where Apple held the No. 1 spot on the list in brand phishing attempts.
Experts suggest the change in brands used in phishing attempts is based on the current coronavirus pandemic. They said work-from-home environments mean many employees are using Google cloud products in order to collaborate with colleagues while Amazon has seen a large increase with many people shopping online from home.
The report also broke down the different attack platforms for brand phishing campaigns with web-based attacks comprising 61%, emails accounting for 24% and mobile brands making up 15%.
How to Help Prevent a Phishing Scam
While cybercriminals aim to make messages look like they are coming from an official brand, there are things you can look out for to help recognize a phishing attempt. Common features of phishing attacks include:
- There are spelling and grammatical errors: These errors are one way to tell if a message is fraudulent as large brands rarely send out communications to customers with spelling or grammatical errors.
- The message requests personally identifiable information: Messages requesting login credentials or personal information should be verified directly with the company.
- The message is time-sensitive: A scammer’s goal is to make you act quickly, without taking the time to review a message and verify its authenticity. Fraudulent messages might threaten to close your account or provide another sense of urgency.
- The offer seems too good to be true: A message claiming you’ve won a prize or they are refunding a purchase you never made are suspicious and should be verified.
- The sender’s email address isn’t correct: Scammers can send an email that has a slight variation from the brand’s actual email address in an attempt to look authentic.
- You receive an unexpected attachment or hyperlink: An attachment and link can be a cybercriminal’s attempt at a malware or ransomware attack to steal your information or take control of your device.
- Something seems off: If you receive a message from a brand that doesn’t seem right, trust your instincts and verify the communication is from the company.