Bad actors imitated the following brands most often to conduct the criminal act called phishing in the fourth quarter of 2019: Facebook (18 percent of all phishing attempts globally), Yahoo! (11 percent), Netflix (5 percent), PayPal (5 percent), Microsoft (3 percent), Spotify (3 percent), Apple (2 percent), Google (2 percent), Chase (2 percent) and Ray-Ban (2 percent), according to the study by cybersecurity research firm Check Point Research.
"Cybercriminals are using a variety of attack vectors to trick their intended victims into giving up personal information and login credentials or transferring money," Yaniv Balmas, head of cyber research at Check Point Research, said in a statement.
Scammers will create imitation emails using links and web-page designs that look legitimate in an effort to trick users into clicking on a link to an illegitimate website that asks for certain credentials or personal information. Once the bad actors have this information, they can gain access to accounts and other sensitive material.
For example, a North Korean hacking group in December targeted U.S. officials, think tanks, university staff, people working on nuclear technology and members of peace organizations, most of whom were based in the U.S., by imitating Microsoft in phishing emails, according to a Microsoft blog post.
The group, called Thallium, sent emails to victims using an email address that appeared to be from "microsoft.com" but was actually from "rniscroft.com." By combining the letters "r" and "n" to appear as the "m" in Microsoft, hackers were attempting to trick users into clicking on a link that appeared to be from the U.S. tech giant, telling users that "unusual sign-in activity" had been detected on their accounts.
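A mail filter can catch this kind of lookalike sender by folding confusable letter sequences and then comparing the result with a list of protected brands. The sketch below is an added example, not code from Microsoft or Check Point; the brand list, the confusable pairs, the one-third distance threshold and the ".example" sample addresses are assumptions made for illustration.

```python
"""Flag sender domains that imitate a protected brand (added example)."""

# Assumed watch list: brand label -> its legitimate domain.
BRANDS = {"microsoft": "microsoft.com", "paypal": "paypal.com", "netflix": "netflix.com"}

# Sequences that render like another letter; a small assumed subset.
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"))


def skeleton(label: str) -> str:
    """Fold visually confusable sequences so 'rn' compares equal to 'm'."""
    label = label.lower()
    for fake, real in CONFUSABLES:
        label = label.replace(fake, real)
    return label


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance (insert, delete, substitute), computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_sender(address: str):
    """Return (brand, reason) if the sender domain imitates a brand, else None."""
    domain = address.rsplit("@", 1)[-1].strip().lower().rstrip(".")
    labels = domain.split(".")
    if len(labels) < 2:
        return None
    # Genuine brand domains and their subdomains are never flagged.
    if any(domain == d or domain.endswith("." + d) for d in BRANDS.values()):
        return None
    # Naive registrable label (second-to-last); a production filter
    # would consult the Public Suffix List instead.
    label = labels[-2]
    folded = skeleton(label)
    for brand in BRANDS:
        if folded == brand:
            reason = "confusable characters" if label != brand else "brand name on foreign domain"
            return (brand, reason)
        # Allow edits up to a third of the brand's length (assumed threshold).
        if levenshtein(folded, brand) <= len(brand) // 3:
            return (brand, "near match after folding")
    return None
```

The sender domain quoted above is flagged as a near match for "microsoft" once "rn" is folded to "m", while mail from microsoft.com and its subdomains passes.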
Sometimes, scammers will study their victims before creating a targeted phishing email to increase the likelihood of tricking the user.
"Although this is often done using spam emails, we have also seen attackers obtain credentials to email accounts, study their victim for weeks and craft a targeted attack against partners and customers to steal money," Balmas said.
Phishing was linked to 78 percent of cyberespionage incidents and nearly a third of all data breaches in 2018, according to Verizon’s 2019 Data Breach Investigations Report.
More than 90 percent of cyberattacks in 2012 linked back to phishing emails; that rate skyrocketed to 269 percent in 2018, a February 2019 report by Trend Micro shows. Small businesses are especially susceptible to these kinds of attacks.
"Over the last two years, incidences of this type of attack have spiked with the increased use of cloud-based email, which makes it easier for criminals to disguise themselves as a trusted party. Phishing will continue to be a growing threat in 2020," Balmas said.
One way people can avoid being scammed by phishing emails is to hover their cursors over links or hyperlinked words in emails to see whether the URLs attached to those links are legitimate. When a user hovers their cursor over hyperlinked words or links that look realistic, a URL will appear that shows where the link actually leads. If the link looks fraudulent or unfamiliar, do not click.