Beware - that email from Google or Amazon could be malware


You may want to think twice about opening that email claiming to be from Google or Amazon, after new research found the tech giants were being used as lures for phishing scams.

Earlier this year, Check Point revealed that Apple was the most imitated brand for phishing, but over the course of the last few months, the iPhone maker has fallen to seventh place with Google and Amazon now taking the top spots.

Phishing is estimated to be the starting point of over 90 percent of all cyberattacks, and according to Verizon's 2019 Data Breach Investigations Report, nearly one third (32%) of all data breaches involved phishing activity. Additionally, phishing was present in 78 percent of cyber espionage incidents and the installation and use of backdoors in company networks.

While phishing attacks try to steal users' credentials and other sensitive data, brand phishing involves an attacker imitating an official website of a known brand through the use of a similar domain or URL. Links to these deceptive websites, which copy the style and design of a brand's official site, are sent via email or SMS, and the sites often contain a form used to steal credentials, personal information or payments.

Top phishing brands

According to Check Point's Brand Phishing Report for Q2 2020, Google and Amazon were the most imitated brands in phishing attempts and the total number of brand phishing detections was comparable to Q1 of this year.

Email phishing exploits were the second most common type after web-based exploits, compared to Q1, where email was third. The easing of global Covid-19 restrictions could be the reason for this change as businesses around the world have started reopening and employees are returning to work.

When it came to the top brand industry sectors used in phishing attacks in Q2, technology, banking and social media were the most popular among cybercriminals. In attacks that imitated email services, Microsoft, Outlook and Unicredit were the most imitated brands while Google, Amazon and WhatsApp were the most imitated web companies. On mobile, brand phishing attempts tried to impersonate Facebook, WhatsApp and PayPal.

To avoid falling victim to phishing scams, Check Point recommends that users verify they are ordering products or services from an authentic website, beware of “special” offers that seem too good to be true and look out for lookalike domains that may contain spelling errors.
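The lookalike-domain check recommended above can be automated when triaging links from reported mail. The following is an added example, not code from Check Point or the original article; the brand list, character substitutions, distance threshold and sample hostnames are assumptions, and the registrable domain is approximated as the last two labels, so brand sites under country-code suffixes would need a public-suffix list.

```python
# Added example: flag hostnames that imitate a protected brand domain.
# BRANDS and all sample hostnames used with it are constructed for illustration.
BRANDS = {"google.com", "amazon.com", "paypal.com"}
# Common look-alike character substitutions, folded before comparison.
FOLD = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s"))


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance (insert, delete, substitute) with a two-row table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def fold(label: str) -> str:
    """Map look-alike characters to the letters they imitate."""
    for src, dst in FOLD:
        label = label.replace(src, dst)
    return label


def classify(hostname: str, brands=BRANDS, max_dist: int = 1) -> str:
    """Return 'official', 'lookalike:<brand>' or 'unrelated'."""
    labels = hostname.lower().rstrip(".").split(".")
    # Assumption: registrable domain = last two labels (no public-suffix list).
    if ".".join(labels[-2:]) in brands:
        return "official"
    sld = fold(labels[-2] if len(labels) > 1 else labels[0])
    for brand in sorted(brands):
        name = brand.split(".")[0]
        # Brand name placed in a subdomain or embedded in a longer label.
        if any(name in fold(lab) for lab in labels):
            return f"lookalike:{brand}"
        # Registrable name that is a near-miss spelling of the brand.
        if edit_distance(sld, name) <= max_dist:
            return f"lookalike:{brand}"
    return "unrelated"
```

A `lookalike` result is a triage signal rather than a verdict: unrelated names that happen to contain a brand string will also match and need an allow-list.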

Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.