Google and Amazon Overtake Apple as Most Imitated Brands for Phishing in Q2 2020

By : Krishna Anindyo | Tuesday, August 04 2020 - 09:15 IWST

Ilustration Brand phishing (Photo by Technonlogy For You)
Ilustration Brand phishing (Photo by Technonlogy For You) - When the career criminal Willie Sutton was asked by a reporter why he robbed so many banks, he reportedly answered: "Because that's where the money is." The same logic applies to the question, “Why are there so many phishing attacks?” Simply because they work, again and again.

It’s estimated that phishing is the starting point of over 90% of all attempted cyber-attacks, and Verizon’s 2019 Data Breach Investigations Report showed that nearly one-third (32%) of actual data breaches involved phishing activity. What’s more, phishing was present in 78% of cyber-espionage incidents and the installation and use of backdoors to networks.

They work because we’re human, and we make mistakes – either because we’re in a rush and our defences are lowered, or because we think we’re too smart to fall for a phishing attempt (a recent study showed how we often fail to recognise risk in assessing our own actions, while spotting risk easier when assessing other people’s behaviour).

But none of us is immune – especially when the criminals behind attacks impersonate familiar, trusted brands that we often interact with.

‘Brand phishing’ involves the attacker imitating an official website of a known brand by using a similar domain or URL, and usually a web page similar to the original website. The link to the deceptive website can be sent via email or text message, a user can be redirected during web browsing, or it may be triggered from a fraudulent mobile application. In many cases the website contains a form intended to steal credentials, personal information or payments.

Google and Amazon lead, Apple falls

Check Point Research’s latest Brand Phishing Report for Q2 2020 shows that Google and Amazon were the most imitated brands in phishing attempts, while Apple (the leading phishing brand in Q1) fell to 7th place from the top spot in Q1. The total number of Brand Phishing detections remains stable compared to Q1 2020.

Email phishing exploits were the second most common type after web-based exploits, compared to Q1 where email was third. The reason for this change may be the easing of global Covid-19 related restrictions, which have seen businesses re-opening and employees returning to work.

Here are the detailed brand phishing statistics for Q2 2020, together with examples of phishing campaigns which aimed to generate direct profit by impersonating Apple iCloud and PayPal.

Q2’s top phishing brands

Below are the top 10 brands ranked by their overall appearance in brand phishing events during Q2 2020:

Top brand industry sectors



Social Network

Top phishing brands per vector

When examining the different vectors used we can see some noticeable differences in the brands being used in each vector. For example the focus in mobile is on major technology brands and media.

Email (24% of attacks)




Web (61% of attacks)




Mobile (15% of attacks)




iCloud login page – credentials theft example

During late June we witnessed a fraudulent website which was trying to imitate the login page of Apple’s cloud services, iCloud. The purpose of this website (example below), is to try and steal iCloud login credentials and is listed under the domain “account-icloud”. The domain was first active in late June 2020 and registered under the IP -, located in Russia.

PayPal login page – Credentials theft example

During May we noticed a fraudulent website which was trying to imitate a PayPal login page. The website is listed under the address paypol-login[.]com. The domain is registered first registered on 2018 and was reused once again in late May. The domain is registered under IP in U.S.

To avoid falling victim to phishing scams, we recommend the following actions:

Verify you are using or ordering from an authentic website. One way to do this is NOT to click on promotional links in emails, and instead Google your desired retailer and click the link from the Google results page.

Beware of “special” offers. An 80% discount on a new iPhone is usually not a reliable or trustworthy purchase opportunity.

Beware of lookalike domains, spelling errors in emails or websites, and unfamiliar email senders.

News Comment

Today's Industry

Dr Paul Gardner-Stephen, Senior Lecturer, College of Science and Engineering, Flinders University (Photo by ICT Days)

Kamis, 24 September 2020 - 15:15 WIB

NBN Co to Spend $3bn Upgrading Half of FTTN Network to Full Fibre

In particular, the original Fibre-To-The-Premises (FTTP) plan had several key advantages that this announcement is not able to solve.

Rena Chua, Bug Bounty Advisor at HackerOne (Photo by Linkedin)

Kamis, 24 September 2020 - 14:15 WIB

How COVID-19 Is Impacting Security

With this accelerated pace of digital transformation, CISOs had to quickly facilitate new needs — while ensuring the security of existing systems and newly-acquired collaboration tools.

Vaccine Covax-19

Kamis, 03 September 2020 - 16:05 WIB

$1m for Covax-19 vaccine work

The $1 million grant is one of 13 early stage biomedical projects to receive funding through the Federal Government’s Biomedical Translation Bridge (BTB) program, part of Australia’s landmark…

Jonathan Knudsen - Senior Security Strategist, Synopsys Software Integrity Group

Rabu, 02 September 2020 - 15:50 WIB

How to Cyber Security: Pain in the AST

Language is tricky, especially in areas where it is evolving quickly. Software security is a young and volatile field where new terminology ebbs and flows continually.

Ilustration Palm Oil (RSPO)

Jumat, 21 Agustus 2020 - 20:05 WIB

Shared Responsibility Boosts Sustainable Palm Oil Absorption In Indonesia

The Roundtable on Sustainable Palm Oil (RSPO) has been upholding the shared responsibility concept after its adoption in the 15th General Assembly in 2018.