If you own a Mac computer or an iOS device, numerous perks are at your fingertips. The only major caveat is that you are more likely to encounter brand-related phishing hoaxes than customers of any other popular technology company. In case you find this statement far-fetched, the Q1 2020 Brand Phishing Report by cybersecurity firm Check Point will prove you wrong. The experts found that malicious actors’ attempts to steal Apple ID credentials accounted for 10% of all phishing stratagems across the board. Netflix phishing comes second in this rating (9%), followed by frauds aimed at wheedling out Yahoo credentials (6%). Beyond the top three, the big picture looks as follows: WhatsApp (6%), PayPal (5%), Chase (5%), Facebook (3%), Microsoft (3%), eBay (3%), and Amazon (1%).
The researchers believe this trend largely stems from the fact that Apple IDs fetch higher prices in the cybercriminal underground than any other credentials that don’t involve direct access to one’s financial accounts. Another observation is that the spike in phishing coincided with the global COVID-19 crisis that has caused millions of people to spend more time on their devices. The dramatic growth in the use of streaming services is a game-changing factor. It’s worth mentioning that aside from the technology sector, the most heavily targeted industries are banking and media.
In a brand-based phishing attack, malefactors impersonate a well-recognized service provider or manufacturer the targets trust unconditionally. The primary vector of this social engineering ruse is what’s called web phishing. It accounted for 59% of all attacks that fit the mold of brand phishing.
Another malicious technique, mobile phishing, is on the rise in the cybercrime environment. In the first quarter of 2020, the share of mobile phishing was 23%, which moved it up to second position in the rating. It’s noteworthy that it was the third most encountered mechanism across this ecosystem in the final quarter of 2019, so the growth is apparent. Again, analysts associate this increase with the coronavirus emergency that makes users keep their gadgets closer at hand during the quarantine.
Email phishing attempts were encountered in 18% of all attacks. To set this method in motion, crooks send spoofed emails or texts via popular messengers encouraging the recipients to click on a link that leads to a web page camouflaged as a legit company resource.
There are several red flags to watch out for in a brand phishing attack. The common giveaways are as follows:
- Claims about your Apple account being locked or suspended – in this case, scammers instruct you to “verify” your credentials.
- A receipt for some costly purchase you never made, where the “Cancel” button leads to a phishing page.
- An email or online popup impersonating Apple Support and claiming that your Mac is infected with malware.
If you notice any of the above lures, be sure to ignore the message and refrain from entering your credentials in the linked-to sign-in form. When you need to visit the official Apple resources, use previously bookmarked pages or enter the URLs manually instead of clicking on links in suspicious emails.