A shake-up of major brands used in phishing attacks occurred in the second quarter of this year, according to Check Point’s Brand Phishing Report Q2 2020. The report does not say why Amazon and Google surged to the top of the list of most impersonated brands while former No. 1 Apple fell to No. 7, but the most plausible explanation is the change in online behavior brought on by COVID-19 quarantine restrictions.
With most workers forced to work from home and brick-and-mortar retailers and most in-person services closed, people spent more time online. We searched Google for how to make masks, how to file for unemployment and where to buy toilet paper, all top searches in April. Amazon was the go-to destination for many items needed for sheltering in place: laptop desks, gym shorts and infrared thermometers all jumped to the top of their respective categories last spring, according to Amazon’s Movers & Shakers list. Scammers were quick to exploit the pandemic because they always follow whatever people are already paying attention to: IRS scams during tax season, gift card scams during the holiday season and now scams related to the pandemic.
Brand phishing
Scams that impersonate well-known companies and institutions are known as brand phishing. Attackers build a fraudulent copy of an official website or app to capture credentials, personal information or payments. They lure consumers to the fake site by sending phishing emails with warnings such as “your account needs to be updated,” by posting tempting social media content that links to the spoofed site, and by registering lookalike domains (typosquatting) that catch the common mistakes people make when typing in a web address.
In Check Point’s report, Google and Amazon led the list by a clear margin, together accounting for 26% of all brand phishing attempts. Others to watch for are chat app WhatsApp (9%), Facebook (9%), Microsoft (7%), Outlook (3%), Netflix (2%), Apple (2%), Chinese technology manufacturer Huawei (2%) and PayPal (2%).
Avoid the attack
You can avoid becoming a victim of these scams by taking several simple precautions. Treat any email about a problem with your account with suspicion, no matter how legitimate it looks: don’t click its links and don’t open attachments. Even when a genuine alert email does arrive, you never need its links; log in the way you normally do and the same notice will be waiting for you in the account. Your browser likely autofills the addresses of sites you visit frequently, so let it do the work, or use a bookmark. If you do need to type an address, check it carefully for typos and lookalike characters before pressing Enter. Don’t assume the top result of a web search is the real site, either: paid ads often sit above the genuine result, and scammers buy ads too, so read the domain name in the address bar before you sign in.
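The “check the address carefully” advice above is exactly what a mail gateway or browser extension can do mechanically. As an added example (not code from the column, from Check Point or from any browser vendor), the Python script below classifies the host of a URL against an allowlist of the brands named in the report. It catches the three tricks a quick glance misses: a typo or digit swap in the name (goog1e.com, arnazon.com), a Cyrillic homoglyph that renders identically to a Latin letter, and a real brand name buried in the subdomain of an unrelated site. The brand list, the confusable-character table and the short suffix list are hand-built assumptions for this example; the sample URLs are constructed, not taken from the report.

```python
"""Lookalike-domain checker for the brand-phishing lures described above.

Assumptions (not from the article): BRAND_DOMAINS, CONFUSABLES and
SECOND_LEVEL_SUFFIXES are small hand-built tables for this example.
"""
import unicodedata
from urllib.parse import urlsplit

# Real registrable domains of the brands named in the Check Point report.
BRAND_DOMAINS = {
    "google.com", "amazon.com", "whatsapp.com", "facebook.com", "microsoft.com",
    "outlook.com", "netflix.com", "apple.com", "huawei.com", "paypal.com",
}
BRAND_NAMES = {d.split(".")[0]: d for d in BRAND_DOMAINS}  # "paypal" -> "paypal.com"

# Visually confusable characters (constructed subset; Unicode's confusables.txt is the full list).
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",  # Cyrillic а е о р
    "\u0441": "c", "\u0455": "s", "\u0456": "i", "\u0443": "y",  # Cyrillic с ѕ і у
    "0": "o", "1": "l",
}
CONFUSABLE_PAIRS = (("rn", "m"), ("vv", "w"))
# Assumed subset of the public suffix list; a real deployment would load the whole list.
SECOND_LEVEL_SUFFIXES = {"co.uk", "com.au", "co.jp", "com.br"}


def skeleton(label):
    """Fold a hostname label to a canonical form so that pаypal (Cyrillic а),
    paypa1 and paypal all compare equal."""
    s = unicodedata.normalize("NFKD", label.lower())
    s = "".join(ch for ch in s if not unicodedata.combining(ch))  # drop diacritics
    s = "".join(CONFUSABLES.get(ch, ch) for ch in s)
    for pair, single in CONFUSABLE_PAIRS:
        s = s.replace(pair, single)
    return s


def levenshtein(a, b):
    """Edit distance: one insert, delete or substitution per typo."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def to_unicode_host(host):
    """Decode punycode (xn--...) so homoglyph domains are compared as the user sees them."""
    try:
        return host.encode("ascii").decode("idna")
    except UnicodeError:
        return host  # already Unicode, or not valid punycode


def registrable_domain(host):
    labels = host.split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in SECOND_LEVEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def closest_brand(label, max_distance):
    """Return (brand_domain, distance) for the nearest brand name within max_distance."""
    best = (None, None)
    sk = skeleton(label)
    for name, domain in BRAND_NAMES.items():
        d = levenshtein(sk, skeleton(name))
        if d <= max_distance and (best[1] is None or d < best[1]):
            best = (domain, d)
    return best


def classify_url(url, max_distance=1):
    """Classify a URL's host against the brand allowlist.
    Verdicts: 'legitimate', 'lookalike', 'brand-in-subdomain', 'unrelated'."""
    if "://" not in url:
        url = "https://" + url
    # .hostname strips userinfo and port, so http://google.com@evil.example/ yields evil.example
    host = (urlsplit(url).hostname or "").rstrip(".")
    if not host:
        return ("unrelated", None)
    host = to_unicode_host(host)
    reg = registrable_domain(host)
    if reg in BRAND_DOMAINS:
        return ("legitimate", reg)
    # Same or nearly the same name with swapped characters or a different TLD.
    brand, _ = closest_brand(reg.split(".")[0], max_distance)
    if brand:
        return ("lookalike", brand)
    # Exact brand name used as a subdomain label of an unrelated registrable domain.
    for label in host[: -len(reg)].rstrip(".").split("."):
        brand, _ = closest_brand(label, 0)
        if brand:
            return ("brand-in-subdomain", brand)
    return ("unrelated", None)


if __name__ == "__main__":
    for sample in ("https://www.google.com/search?q=x", "goog1e.com", "https://arnazon.com/",
                   "https://p\u0430ypal.com/signin",
                   "https://accounts.google.com.verify-login.example/",
                   "http://google.com@evil.example/"):
        print(sample, "->", classify_url(sample))
```

The verdict comes from the registrable domain, not from any string that merely appears in the URL: that is why the userinfo trick (`google.com@evil.example`) is reported as unrelated rather than as Google, and why `google.com` used as a subdomain is flagged separately. The check deliberately does not match a brand name appearing inside a longer label (`secure-paypal-login.example`), because the same rule would flag `pineapple.com` for Apple; a production filter would pair this with a maintained public suffix list and a reputation feed.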
The next seasonal scam
With the Democratic National Convention behind us and the Republican National Convention underway, expect a surge of election-related scams as Election Day approaches.
In a recent report from Area 1, a cybersecurity provider, fewer than 20% of 10,000 state and local election administrations had advanced anti-phishing controls in place, and 666 election officials were relying on personal email addresses for election-related matters. Area 1 broke its findings down by state, and you’ll be glad to know that no Utah election officials are using personal email accounts for their work. That doesn’t mean all of their email systems are adequately protected, however, and yours may not be either.
As we saw in the 2016 election, state actors from Russia used email and social media to influence the voting decisions of the public. And already this year, Google reported foreign hackers have targeted the personal email accounts of staffers working on the campaigns of Democratic nominee Joe Biden and President Trump. State-backed hackers from China tried to target staffers’ emails on the Biden campaign, while Iranian hackers targeted the Trump campaign staff’s emails, Google said in its security blog. The company also said that it blocked the attempts and had not seen evidence that those attacks were successful.
Attackers target people with influence so that they can hijack an email account and use it to send misleading information. This applies to a very small percentage of Gmail users, but if you see an alert from Google that reads “Government-backed attackers may be trying to steal your password,” take immediate steps to secure the account: change the password, turn on 2-step verification (a hardware security key is the strongest option), review the account’s recent activity and recovery settings, and consider enrolling in Google’s Advanced Protection Program, which Google offers for exactly this kind of high-risk user. If the account is used for work, also report the warning to your organization’s IT administrator, who can take steps to secure the rest of the network.
As a “non-influential” individual, you should still be extremely cautious about any election-related email, text or social media post. Report suspicious emails to your email provider, change account passwords, turn on two-factor authentication where it is offered, and keep a close watch on all online account activity.