Amazon, Facebook, and Gmail: Prime Targets for Password Hackers
It's no surprise that platforms like Gmail, Facebook, and Amazon are highly targeted by hackers. These platforms are integral to our lives, holding vast amounts of personal information. For instance, your Gmail account might store emails with password reset links or second-factor authentication codes. If hackers gain access, they can potentially retrieve sensitive data, distribute malware, or commit credit card fraud. In short, your Google account is akin to a digital key that can open many doors.
A study by Kaspersky analyzed 25 top global brands to identify phishing targets. The results were alarming: in the first half of 2024, there were approximately 26 million attempts to access fake websites pretending to be these brands, marking a 40% increase compared to 2023.
Phishing Attacks Against Google See a 243% Surge
Google tops the list in phishing attempts, with a 243% rise in attacks reported in the first six months of 2024. Kaspersky security solutions blocked about 4 million attacks aimed at Google users in this period. As per Olga Svistunova, a security expert at Kaspersky, gaining access to a Google account can open multiple services, making it a prime hacking target.
The report also highlights 3.7 million phishing attempts on Facebook users and 3 million targeting Amazon. The top ten most targeted brands include Microsoft, DHL, PayPal, Mastercard, Apple, Netflix, and Instagram. Other brands like HSBC, eBay, Airbnb, American Express, and LinkedIn have also seen an uptick in phishing activities.
Microsoft Faces New QR Code Phishing Threat
Despite ranking fourth in targeted attacks, Microsoft faces a new surge in phishing through QR codes. A report by Jan Michael Alcantara from Netskope highlights a 2,000-fold increase in phishing pages via Microsoft Sway. This platform, part of Microsoft 365, allows users to create rich content. Phishers exploit its legitimacy, advising users to scan QR codes, which bypass stricter security on corporate devices. By using techniques like CAPTCHA tests and attacker-in-the-middle tactics, these phishing schemes collect login details effectively.
Unicode QR Code Phishing: A New Evasion Technique
A novel phishing method involves Unicode QR code phishing, as described by J Stephen Kowski from SlashNext. Unlike traditional image-based QR codes, these use Unicode text characters, complicating detection. This method evades image analysis and creates a dual appearance between screen rendering and plain text, further challenging security defenses.
How to Protect Yourself from Phishing
Companies like Google, Facebook, Amazon, and Microsoft provide guidance on avoiding phishing scams. Always verify websites before entering credentials, be cautious of unsolicited requests, and report suspected phishing to the relevant platform for investigation.
