Facebook tops the list, Technology industry is prime target
According to Check Point Research analysis, Facebook leads the top 10 phishing brands in Q4 2019, and Technology is the industry whose brands attackers most commonly try to imitate.
Brand phishing is a type of phishing attack in which the attacker tries to imitate an official website of a known brand by using a similar domain or URL, and usually also a web page similar to the original website. The link to the deceptive website can be sent via email or text message, redirected during web browsing, or triggered from a fraudulent mobile application. In many cases the website contains a form intended to steal credentials, personal information or payments.
The examples below show a typical deceptive credential-theft website imitating Facebook, and a scam campaign that tried to generate direct profit by impersonating the Ray-Ban sunglasses website with high discounts around Black Friday.
Top Phishing brands
Below are the top 10 brands ranked by their overall appearance in brand phishing events during Q4 2019:
Top brand industries
- Social Media
Top Phishing brands per platform
When examining the different platforms used, we can see noticeable differences in the brands being imitated on each: mobile is led by Banking and Social Media brands, while in email we see Technology brands, and the brand ranked number 2 was part of a shopping phishing campaign ahead of Black Friday (as published by Check Point).
Facebook mobile login page – Credentials theft example
Between mid-October and mid-December we noticed dozens of detections of an active fraudulent website that was trying to imitate the Facebook mobile login page, using an almost identical replica. The fraudulent website is listed under the address hxxp://facebook.e10g.com/login.php, which was first active in March 2019 and registered under the IP 188.8.131.52, located in Scottsdale, United States.
Ray Ban Sunglasses Scam
Before and during Black Friday we detected a phishing email campaign promoting a discount on Ray-Ban sunglasses, usually with the promotional subject “[Black Friday] Ray Ban Outlet Sale Online – Up To 90% Off”. Links in the emails directed users to a fraudulent website that tried to imitate the original one. According to our research, the attacker used several fraudulent links, such as hxxps://rbs.vmrbs.com, hxxps://rbs.tsrbs.com, hxxps://rbs.xwrbs.com, hxxps://rbs.zfrbs.com, hxxps://rbs.zmrbs.com and hxxps://rbs.oirbs.com.
So how can you avoid falling victim to these scam attempts? Our recommendations for safe purchase online are:
- Verify you are ordering from an authentic source. One way to do this is NOT to click on promotional links in emails, and instead Google your desired retailer and click the link from the Google results page.
- Beware of “special” offers. An 80% discount on the new iPhone is usually not a reliable or trustworthy purchase opportunity.
- Beware of lookalike domains, spelling errors in emails or websites, and unfamiliar email senders.
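The two campaigns above use the same trick the definition at the top describes: a well-known brand name placed in a subdomain or lookalike label of a domain the brand does not own. The following is an added example, not Check Point's code, of how a defender can screen URLs from mail logs or user reports for that pattern. It refangs the indicators as written on this page (hxxp://, stray spaces), approximates the registrable domain with a small hard-coded suffix set (an assumption; production code would use the full Public Suffix List), and flags three signals: the registered domain appears on the page's reported-indicator list, a brand name is used as a subdomain of an unrelated domain, or the registered label is a homoglyph or typo variant of the brand's own domain. The brand allowlist and the similarity threshold are constructed assumptions.

```python
from dataclasses import dataclass, field
from difflib import SequenceMatcher
from typing import List, Optional
from urllib.parse import urlsplit

# Legitimate registered domains per brand (constructed allowlist; a real
# deployment would maintain it from the brands' own records).
BRAND_DOMAINS = {
    "facebook": {"facebook.com", "fb.com"},
    "rayban": {"ray-ban.com"},
}

# Hosts the text above reports as fraudulent (copied from the page).
REPORTED_HOSTS = {
    "facebook.e10g.com",
    "rbs.vmrbs.com", "rbs.tsrbs.com", "rbs.xwrbs.com",
    "rbs.zfrbs.com", "rbs.zmrbs.com", "rbs.oirbs.com",
}

# Two-label public suffixes the registered-domain heuristic understands
# (assumption: production code would use the full Public Suffix List).
TWO_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp", "com.br"}

LOOKALIKE_THRESHOLD = 0.8  # assumed cut-off for typosquat similarity


@dataclass
class Verdict:
    host: str
    brand: Optional[str]                      # brand the host imitates (or is)
    reasons: List[str] = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return bool(self.reasons)


def refang(url: str) -> str:
    """Turn a defanged indicator (hxxp://, [.], stray spaces) into a parseable URL."""
    return url.replace(" ", "").replace("hxxp", "http", 1).replace("[.]", ".")


def registered_domain(host: str) -> str:
    """Approximate the registrable domain: last two labels, or three when the
    last two form a known two-label suffix such as co.uk."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def normalise(label: str) -> str:
    """Undo common look-alike substitutions (0->o, 1->l, 3->e, $->s) and hyphens."""
    return label.lower().translate(str.maketrans("013$", "oles")).replace("-", "")


def assess(url: str) -> Verdict:
    host = (urlsplit(refang(url)).hostname or "").lower()
    reg = registered_domain(host)

    # A genuine brand domain is never flagged, whatever its subdomains look like.
    for brand, legit in BRAND_DOMAINS.items():
        if reg in legit:
            return Verdict(host, brand, [])

    reasons: List[str] = []
    if reg in {registered_domain(h) for h in REPORTED_HOSTS}:
        reasons.append("registered domain %s is on the reported-indicator list" % reg)

    # Subdomain labels are everything to the left of the registered domain.
    sub = host[:-len(reg) - 1] if host.endswith("." + reg) else ""
    sub_labels = sub.split(".") if sub else []
    reg_label = normalise(reg.split(".")[0])

    matched = None
    for brand, legit in BRAND_DOMAINS.items():
        brand_labels = {normalise(d.split(".")[0]) for d in legit} | {brand}
        hits = []
        # Signal 1: brand name used as a subdomain of an unrelated domain
        # (the facebook.e10g.com pattern above).
        if any(normalise(l) in brand_labels for l in sub_labels):
            hits.append("%s appears as a subdomain of unrelated domain %s" % (brand, reg))
        # Signal 2: brand name embedded in, or a near-miss of, the registered label.
        for bl in brand_labels:
            if len(bl) >= 4 and (bl in reg_label or
                    SequenceMatcher(None, bl, reg_label).ratio() >= LOOKALIKE_THRESHOLD):
                hits.append("registered label %r looks like %s" % (reg_label, brand))
                break
        if hits:
            reasons.extend(hits)
            matched = brand
            break
    return Verdict(host, matched, reasons)


if __name__ == "__main__":
    for u in ("hxxp://facebook.e10g.com/login.php", "hxxps:// rbs.oirbs.com",
              "https://www.facebook.com/login", "https://faceb00k-login.com/"):
        v = assess(u)
        print(v.host, "SUSPICIOUS" if v.suspicious else "ok", v.brand, v.reasons)
```

Note what the two campaigns teach about coverage: the Facebook page is caught by the brand-in-subdomain heuristic even without the indicator list, whereas the rbs.*rbs.com hosts contain no brand name at all and are caught only because their registered domains are on the reported list. Keyword and lookalike heuristics therefore complement, but do not replace, threat-intelligence feeds of reported phishing domains.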