New password hacking warning for Gmail, Facebook and Amazon users

Updated on August 28 with new phishing information from Netskope and SlashNext reports

A new threat analysis from researchers at Kaspersky has revealed a dramatic increase in the number of password-stealing attacks targeting Amazon, Facebook and, most importantly, Google users. Here’s what you need to know.

Amazon, Facebook and Gmail are a magnet for password hackers

It should come as no surprise that Gmail, Facebook and Amazon account credentials are so coveted by malicious hackers. After all, such accounts can be used to complete the cybercrime triumvirate of data theft, malware distribution and credit card fraud. Google accounts in particular are something of a master key that can open a treasure trove of other account credentials and personal information that can be used to commit fraud. Just think of the information contained in your Gmail inbox. Given the popularity of the free web-based email service, there’s a good chance you have one. And that is before you consider how many organizations still send password change requests and two-factor authentication links to your email account.


Kaspersky analyzed a total of 25 of the largest and most popular global brands to identify those that are more frequently targeted by cybercriminals in phishing attacks. According to Kaspersky, researchers found that in the first half of 2024 alone, there were around 26 million attempts to access malicious websites posing as one of these brands. This represents an increase of around 40% compared to the same period in 2023.

Phishing attacks against Google increased by 243%

For all the reasons already mentioned, Google has been at the top of the list of phishing targets. When it comes to stealing credentials such as passwords, Google remains a clear favorite on cybercriminals’ radar. Kaspersky said it saw a 243% increase in attack attempts in the first six months of 2024, with approximately 4 million such attempts blocked by Kaspersky’s security solutions during this period.

“This year, there has been a significant increase in phishing attempts targeting Google,” said Olga Svistunova, security expert at Kaspersky, confirming that a criminal who gains access to a Gmail account “can potentially access multiple services, making it a prime target.”

According to the Kaspersky study, which has not yet been made public online, Facebook users fell victim to phishing attempts 3.7 million times, while Amazon fell victim to phishing attempts 3 million times. Microsoft, DHL, PayPal, Mastercard, Apple, Netflix and Instagram completed the list of the ten most attacked brands. Although they did not make the top ten, Kaspersky said other brands that saw a dramatic increase in attacks in the first six months of the year were HSBC, eBay, Airbnb, American Express and LinkedIn.

It is important to note, however, that Kaspersky security researchers attribute this rise to an increase in fraudulent activity rather than a decrease in vigilance among the users being attacked.


Microsoft targeted by new surge in QR code phishing

Microsoft may only have made it to number four on Kaspersky’s list of most-attacked brands, but one phishing technique has sent the Redmond giant soaring as a target in recent months. According to a new report by Jan Michael Alcantara, a threat research engineer at Netskope, in July 2024 alone, “a 2,000-fold increase in traffic to phishing pages delivered through Microsoft Sway” was observed. Microsoft Sway is a cloud-based application, available free of charge to Microsoft 365 users, for creating visually appealing documentation, newsletters and presentations. Alcantara points out that when a potential victim opens a Sway page, they are already logged into their Microsoft 365 account, giving the phishing attempts an air of legitimacy.

These attempts, at least as tracked by Netskope, use QR codes to target Microsoft Office credentials. The target is encouraged to scan a QR code with their smartphone, ostensibly to make things easier, but the main reason is to bypass the more stringent security measures found on corporate laptops. This particular campaign used some interesting techniques to avoid suspicion, such as a CAPTCHA test to protect against static URL scanners and an attacker-in-the-middle technique that replaces the phishing URLs with the real login URLs to capture the credentials that allow the threat actor to log in as the victim.


Unicode QR code phishing evades detection in a novel way

A new variant of QR code phishing was described in technical detail by J Stephen Kowski, Field Chief Technology Officer at SlashNext, in a LinkedIn article. While the better-known type of QR code phishing attack relies on an embedded image-based QR code to redirect users to a malicious site, Unicode QR code phishing takes a completely different approach. “Attackers have now started creating QR codes using Unicode text characters instead of images,” Kowski said. This presents defenders with three main problems: the codes evade image analysis, they render perfectly on screen, and they look different when rendered on screen than they do in plain text, which further complicates detection. “This development underscores a crucial point we have been making for a long time,” Kowski said, “phishing is no longer limited to email.”
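Because a QR code drawn with Unicode characters contains no image, a filter has to look for it in the message text itself. The following added example (not taken from the SlashNext or Kaspersky material) is a heuristic detector that flags runs of text rows made almost entirely of Unicode Block Elements; the function names and thresholds are assumptions, with the thresholds based on the smallest QR symbol being 21×21 modules.

```python
# Heuristic detector for QR codes drawn with Unicode block characters.
# Added illustration; names and thresholds are assumptions, not a vendor's method.

# Unicode "Block Elements" (U+2580-U+259F): full, half and quadrant blocks.
BLOCK_RANGE = range(0x2580, 0x25A0)
PADDING = {" ", "\u00a0"}  # light modules are usually plain or non-breaking spaces


def is_qr_like_row(line, min_width=21, min_ratio=0.9):
    """True if a text line looks like one row of a text-drawn QR code."""
    row = line.rstrip()
    if len(row) < min_width:          # smallest QR symbol is 21 modules wide
        return False
    blocks = sum(ord(ch) in BLOCK_RANGE for ch in row)
    filler = sum(ch in PADDING for ch in row)
    # Require real block glyphs, and almost nothing else on the row.
    return blocks >= min_width // 3 and (blocks + filler) / len(row) >= min_ratio


def find_unicode_qr_blocks(text, min_rows=11, min_width=21, min_ratio=0.9):
    """Return 1-based (first_line, last_line) spans of stacked QR-like rows.

    min_rows=11 because half-block glyphs pack two module rows into one
    text row, so a 21-row symbol needs at least 11 lines of text.
    """
    spans, start = [], None
    for i, line in enumerate(text.splitlines() + [""], start=1):  # sentinel row
        if is_qr_like_row(line, min_width, min_ratio):
            start = start or i
        elif start is not None:
            if i - start >= min_rows:
                spans.append((start, i - 1))
            start = None
    return spans


def constructed_sample():
    """Constructed message body: prose plus an 11x21 glyph grid (not a real QR)."""
    glyphs = "\u2588\u2580\u2584 "
    grid = ["\u2588" + "".join(glyphs[(3 * (r + c)) % 4] for c in range(19)) + "\u2588"
            for r in range(11)]
    return "\n".join(["Scan to verify your account:", ""] + grid + ["", "Thanks, IT"])


if __name__ == "__main__":
    print(find_unicode_qr_blocks(constructed_sample()))
```

Since the plain-text and on-screen forms can differ, a check like this belongs on both the `text/plain` part and the text extracted from the rendered HTML part; a flagged span can then be rasterized and passed to the existing QR decoding and URL analysis pipeline.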

Tips on how to protect yourself from phishing attacks and ways to report any attempts can be found online at Google, Facebook, Amazon and Microsoft.

By Bronte
