Apple’s still a top 20 fake email for phishing attacks
Cloudflare’s latest phishing threat data confirms that exploits that attempt to impersonate legitimate e-mails from Apple remain among the top twenty threats, though AT&T, PayPal and Microsoft top the list of brands most impersonated by threat actors.
This is a top twenty no one wants to be in
The company’s global report confirms that the most targeted industries remain finance, tech, and telecom.
Inevitably, it also notes that companies making use of Cloudflare’s global network and email security solutions have managed to prevent 2.3 billion unwanted emails in 2022.
The company also introduced new capabilities built on Cloudflare Area1’s recent launch of advanced Zero Trust email security tools. These mean its customers can automatically and immediately identify and block “confusable” domains to better protect their corporate networks.
Phishing is the fastest growing internet crime. These emails attempt to trick users into sharing confidential information such as usernames, passwords, bank, crypto accounts, credit cards and other important data. This information is then sold or used to take cash.
As it happens
What usually happens is that an exploit appears to be from a reputable brand or company and contains some convincing-seeming story designed to make users part with their information. They may threaten a user that if they don’t click on a link there will be consequences such as late payment fees, offer prizes, or find other ways to lure victims to share this data. Some sophisticated attacks may even be custom made for the person they prey on.
Once you do click on a dodgy link you’ll be taken to a convincing-seeming website where you’ll be asked to fill in forms similar to those you would expect on the legitimate site, during which your data will be secretly exfiltrated. At that point it is in the hands of the attackers and can be abused.
Last week, Jamf VP Michael Covington shared some very useful security insights with me, warning that:
“Successful phishing attacks inevitably lead to consequences down the road. A worst-case scenario occurs when work credentials are stolen by an attacker who uses them to subsequently steal valuable business data, to blackmail the organization, or pivot to the next system or social engineering exploit. Other side effects can include misinformation campaigns launched against the business or its partners, personal data loss, and financial exploitation.” That company has additional insights here.
This is ultimately why Apple, Google, Microsoft, and others are working to replace passwords.
Who are the top phishing brands?
Apple now sits outside the top ten of most impersonated brands, with Wells Fargo and eBay in 12th and 13th place. It is interesting to note that Cloudflare sees apple-grx-support-online[.]com as a typical fake domain used to phish the brand.
When you receive an unexpected email purporting to be from a brand you trust, you should always check where it is sent from by clicking on the From field at the top of the mail and taking a look at the full sender address. If it isn’t what you expect, don’t click any further.
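The same From-field check can be automated on a mail gateway. The sketch below is an added example, not code from Cloudflare or from this article; the `BRAND_DOMAINS` allowlist, the small `CONFUSABLES` map and all function names are assumptions made for illustration.

```python
import unicodedata
from email.utils import parseaddr

# Assumption: a tiny allowlist of domains each brand really sends from.
BRAND_DOMAINS = {"apple": {"apple.com"}, "paypal": {"paypal.com"}}

# Constructed, deliberately small map of look-alike characters
# (digits plus Cyrillic a, e, o, p written as escapes).
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s",
                             "\u0430": "a", "\u0435": "e",
                             "\u043e": "o", "\u0440": "p"})

def sender_domain(from_header):
    """Return the lower-cased sender domain, or "" if there is no address."""
    # Accept defanged indicators such as example[.]com as well.
    _, addr = parseaddr(from_header.replace("[.]", "."))
    _, at, domain = addr.rpartition("@")
    return domain.lower().rstrip(".") if at else ""

def skeleton(domain):
    """Fold compatibility forms and known look-alike characters."""
    return unicodedata.normalize("NFKC", domain).translate(CONFUSABLES)

def classify(from_header):
    """Return (verdict, brand) for the sender domain of one message."""
    domain = sender_domain(from_header)
    if not domain:
        return ("unparseable", None)
    # The display name is ignored on purpose: only the domain is trusted.
    for brand, legit in BRAND_DOMAINS.items():
        if any(domain == d or domain.endswith("." + d) for d in legit):
            return ("legitimate", brand)
    for brand in BRAND_DOMAINS:
        if brand in domain:
            return ("lookalike", brand)    # brand name inside a foreign domain
        if brand in skeleton(domain):
            return ("confusable", brand)   # brand appears only after folding
    return ("unrelated", None)

if __name__ == "__main__":
    # Constructed sample header using the fake domain quoted above.
    print(classify("Apple Support <noreply@apple-grx-support-online[.]com>"))
```

Substring matching will also flag harmless domains that happen to contain a brand name, so a verdict of `lookalike` or `confusable` is a reason to quarantine and review, not proof of phishing.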
The top ten list includes:
- AT&T
- PayPal
- Microsoft
- DHL
- Facebook/Meta
- Internal Revenue Service
- Oath Holdings/Verizon
- Mitsubishi
- Adobe
- Amazon
“Technology and telecom companies are a unique threat because phishing attacks can intercept the emails and text messages that are used to verify a user’s identity via two-factor authentication,” Cloudflare warns. “Therefore, these phishing attempts can lead to other accounts being compromised as well.”