Shulou(Shulou.com)11/24 Report--

According to Check Point Research's latest Brand phishing report, retail was the most frequently impersonated industry in the last quarter, with Wal-Mart at the top and Home Depot in the top 10.

In November 2023, Check Point Research (CPR), the threat intelligence unit of Check Point ®Software Technology Co., Ltd. (NASDAQ: CHKP), a leading global provider of cyber security solutions, released its third quarter 2023 Brand phishing report. The report highlights the brands that cyber criminals most often impersonate when trying to steal personal information or credentials in July, August and September 2023.

Last quarter, Wal-Mart, an American multinational retailer, became the most frequently impersonated brand in phishing attacks, accounting for 39% of all phishing attempts, up from the previous quarter (sixth). Technology giant Microsoft came in second, accounting for 14 per cent of such attacks, while multinational services company Wells Fargo came in third with 8 per cent. It is worth noting that MasterCard, the world's second-largest processing company, made it into the top 10 for the first time and ranked ninth.

"phishing remains one of the most rampant types of attacks, with many brands in retail, technology and banking being impersonated," said Omer Dembinsky, data manager at Check Point Software Technology. "the widespread use of artificial intelligence has also made it more difficult to distinguish between legitimate and fraudulent emails."

When opening or contacting emails from well-known companies, users must be vigilant, check the sender's address and the accuracy of the message, and do not click on the link provided in the email before ensuring security. If an enterprise discovers that a phishing attack has been carried out in its name, it should notify the customer through verified channels and warn against potential threats.

In brand phishing attacks, criminals try to use domain names or URL and web page designs similar to real websites to imitate official websites of well-known brands. Links to virtual websites can be sent to the target individual by email or text message and redirected during Web browsing, or may be triggered by fraudulent mobile applications. Virtual sites usually contain a form to steal user credentials, payment details, or other personal information.

Major phishing brands

Here are the top 10 most frequently impersonated brands in the third quarter of 2023 according to the total occurrence rate of phishing attacks:

1. Wal-Mart (39%)

2.Microsoft (14%)

3. Wells Fargo (8%)

4.Google 4%

5. Amazon (4%)

6.Apple (2)

7. Home Depot (2%)

8.LinkedIn (2)

9. MasterCard (1%)

10.Netflix (1)

Amazon phishing email-virtual order confirmation fraud

The fraudulent email, posing as an Amazon brand, claimed that there was an order to be confirmed and asked the recipient to click on the order number link. It uses the subject line "your order on Amazon.com" to create a sense of urgency and provides a malicious link unrelated to Amazon: it\ .support\ .swift-ness.com (currently deactivated). The message asks the recipient to check the status of the order or make changes, and to increase credibility by displaying the order details.

LinkedIn phishing email-Virtual Business message Fraud

In August 2023, we found a phishing email posing as LinkedIn whose actual sending address was "giacomini@napa\ .fr" but claimed to be from "LinkedIn".

The subject line of the email is "you have 8 new business messages from _" (figure 1), accompanied by a short message informing the recipient that the eight new business messages are from the same person and that this person claims to be the sales manager.

The fraudulent message is designed to trick recipients into believing that they have unread messages on the LinkedIn platform, but to read these messages, you need to click on the malicious link: online\ .cornection1\ .shop (figure 2), and mistakenly enter a virtual Microsoft login page designed to steal user credentials.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.