SUMMARY
Facebook made up for 18% of all the phishing attempts
48% phishing scams were web-based
Google revealed 12K of its users were subjected to phishing in Dec 2019
As India is binging on Netflix’s newest original Jamtara — a series based on phishing scams — the reel seems very close to real. Various companies across the world have recently warned their users of scammers trying to steal money and personal information.
Now, a report by malware analysis and vulnerability research firm Check Point Research highlighted that global social media giant Facebook registered the most number of phishing scams attempts between October and December 2019.
The ‘Brand Phishing Report for Q4 2019’ also noted that American web service Yahoo!, video streaming platform Netflix, digital payments platform PayPal, global tech giant Microsoft and music streaming giant Spotify were some other brands that were vulnerable to such cases.
The report noted the names of some of the biggest brands that have been used for phishing and what percentage of cases they noted globally. This included:
- Facebook (18%)
- Yahoo (10%)
- Netflix (5%)
- PayPal (5%)
- Microsoft (3%)
- Spotify (3%)
- Apple (2%)
- Google (2%)
- Chase (2%)
- Ray-Ban (2%)
Specifying the types of phishing scams, the report concluded that almost 27% of all the phishing attacks were through emails, whereas 48% were conducted through the web. Approximately 25% of the scams were done through mobile phones. Yahoo! got more email-based requests, while Spotify is subjected to all web-based phishing attempts.
How Are Phishing Scams Take Place?
Maya Horowitz, Director of Threat Intelligence and Research at Check Point Software, said that cybercriminals are using different methods to trick the victims to give their personal information, login credentials or just making them transfer money.
“Although this is often done using spam emails, we have also seen attackers obtain credentials to email accounts, study their victim for weeks and craft a targeted attack against partners and customers to steal money,” Horowitz added.
The report also noted that scammers imitate the domain name and web-design of official websites of well-known brands in order to make victims confident in them. The link to this fake website can be sent to the users through several methods, including email, text messages and redirects during web browsing. Moreover, such links can also be sent via fraudulent mobile applications.
The Indian Users At Risk
In December 2019, Google revealed that over 12K of its users across 129 countries were subjected to a phishing scam. The company noted that it may have been conducted by government-backed attackers. Moreover, over 500 of the 12K users were Indians residents.
Moreover, Paytm, a popular financial technology company and its Payments Bank have admittedly witnessed an increase in the number of phishing and fraud cases in the last couple of months. Even Paytm’s founder Vijay Shekhar Sharma has gone out to tweet about the issue.
Besides this, recently, Paytm Payment Bank gave out a list of 3,500 phone numbers used in such scams to government bodies. Paytm Payments Bank added that other payments banks can make use of the dataset to identify the fraudster. The company has also filed an FIR against fraudsters and scammers with the cyber cell.
A cybersecurity research firm CloudSEK also noted that users of ecommerce companies operating in India — Amazon, Flipkart — are also being scammed using fake websites.
