[German]Check Point security researchers are currently seeing a sharp increase in phishing emails that use well-known brands to disguise the fraud. Here's some information I've received from Check Point warning against fake emails on behalf of Microsoft and Google.
Advertising
Each quarter, the experts publish their Brand Phishing Report , in which they investigate which brands are most heavily abused for phishing. The report for the third quarter shows that phishing via e-mail increased the most, contrary to the second quarter. Phishing attacks account for 44 percent of all attacks. Currently, the figures are rising sharply, particularly with regard to Google, which accounts for 9 percent, and Microsoft, which is in the lead with 19 percent. Here, the main type of fraud is that fake messages ask users to reset or enter their access data for Microsoft accounts, which allows hackers to gain possession of them.
Phishing e-mail for account verification of 'Microsoft Accounts Team'.
Christine Schönig, Regional Director Security Engineering CER, Office of the CTO – Check Point Software Technologies GmbH, explains: "The cyber criminals mainly take advantage of the fact that very many employees currently work in the home office and are often distracted by the household. So they are counting on their attention to be less attentive to fake e-mails. In addition, employees are often outside the actual security precautions of the company. So far, the strategy is working. For this reason, new IT security architectures should be implemented that go beyond the company's location and also protect employees at their teleworking stations and their mobile devices".
In a video in the series called How to secure your remote workforce, Maya Horowitz, Check Point's Director of Threat Research and Intelligence, explains the threat. Using a real-life case – the hacker group called Florentine Banker – reported on Check Point in April, she shows what a fake email can actually do. Read all about the investigation of brand abuse in the context of phishing in this blog post.
Advertising
Advertising