Affiliate Disclosure
If you buy through our links, we may get a commission. Read our ethics policy.

Apple was the most imitated brand in phishing attempts in Q1 2020

An example of a fradulent Apple phishing page. Credit: Malwarebytes Lab

Apple was the most imitated brand in web-based phishing campaigns in the first quarter of 2020, new research shows.

Phishing remains one of the most popular tactics for cybercriminals and other bad actors to steal data or money across through fraudulent links sent via email, text or web browser redirects.

According to a new report from cybersecurity firm Checkpoint, web-based phishing campaigns remained the most popular in Q1 2020, accounting for 59% of attempts. Apple ranked as the most imitated brand for the category, followed by Netflix, PayPal, and eBay.

Apple's jump from 7th place in the fourth quarter of 2019 to first place in Q1 2020 may have been the result of phishing campaigns attempting to take advantage of the buzz surrounding unreleased Apple products, Checkpoint theorizes.

Due to the ongoing coronavirus pandemic, there are a few other notable changes. Mobile-based phishing detections became the second most common attack vector, up from third place in Q4 2019, likely due to more users working from home. Previously, email ranked in second place.

Services commonly used in both at-home leisure and work, like PayPal and Netflix, also saw a boost in popularity between the Q4 2019 and the beginning of Q1 2020.

Checkpoint notes that the total number of brand-based phishing attempts remained stable between Q4 2019 and Q1 2020.

Earlier in April, the U.S. and U.K. governments warned citizens against clicking on any suspicious links to supposed relief websites.



5 Comments

lkrupp 19 Years · 10521 comments

Now that operating systems are fairly well armored against attacks and hacks the criminals have had to switch tactics and use the time honored and amazingly successful approach in which the ignorance, stupidity, and gullibility of the human animal is exploited. Social engineering is the norm. From the fake Adobe Flash installers to scammer calls from the ‘IRS’ or ‘Social Security’ the two biggest admonitions to thwart them are the most ignored. 1) If it sounds too good to be true, it is. 2) Think before you click. I can’t tell you how many comments on the Apple Discussion Forums are from users who just clicked on something without thinking about it only to be hit with malware or adware. 

macxpress 16 Years · 5914 comments

lkrupp said:
Now that operating systems are fairly well armored against attacks and hacks the criminals have had to switch tactics and use the time honored and amazingly successful approach in which the ignorance, stupidity, and gullibility of the human animal is exploited. Social engineering is the norm. From the fake Adobe Flash installers to scammer calls from the ‘IRS’ or ‘Social Security’ the two biggest admonitions to thwart them are the most ignored. 1) If it sounds too good to be true, it is. 2) Think before you click. I can’t tell you how many comments on the Apple Discussion Forums are from users who just clicked on something without thinking about it only to be hit with malware or adware. 

Yet time and time again people keep falling for this shit. Which is why they keep doing it. There's always that sucker out there unfortunately. 

Beats 4 Years · 3073 comments

I misread the headline as "Apple was most imitated brand in Q1 2020".

Wasn't surprised.

Beats 4 Years · 3073 comments

lkrupp said:
Now that operating systems are fairly well armored against attacks and hacks the criminals have had to switch tactics and use the time honored and amazingly successful approach in which the ignorance, stupidity, and gullibility of the human animal is exploited. Social engineering is the norm. From the fake Adobe Flash installers to scammer calls from the ‘IRS’ or ‘Social Security’ the two biggest admonitions to thwart them are the most ignored. 1) If it sounds too good to be true, it is. 2) Think before you click. I can’t tell you how many comments on the Apple Discussion Forums are from users who just clicked on something without thinking about it only to be hit with malware or adware. 

The grandma who has a Samsung Galaxy "iPhone" does not think twice when "Apple" sends her a legit-looking email.

Apple needs a standard login format (FaceID?) for their devices. This may help grandmas from getting scammed. **Never mind, I don't think this way alone will work since external sites will not be mandated to this info and will still trick grannies.

jbdragon 10 Years · 2312 comments

Never click on links in emails. Just go to the site by typing i the address manually. You look at that address above, it's clearly not Apple trying to get your info.

The BEST thing you can do is turn on 2-Factor!!! Because even if you were dumb enough to fall for the whole fake web page log-In screen used to steam your log-in credentials. Without that second factor, they are stopped in their tracks!!! Even if you gave them your 6 digit code, unless it was used within a minute, that code would have changed and now they are back to being locked out of your account.

I had someone from CHINA somehow got my old password which was used at a few places. That person was stopped in their tracks when my iPhone popped up a Box saying someone was trying to gain access to my account, showing a small map of China, with a Allow or Deny Box. Of course I denied!!!! If I didn't have 2 factor turned on, they would have had full access to my Apple Account and done all kinds of things. Like copying all my pictures, or worse.

Of course after that I updated my Password to something really LONG and used no where else. I'm slowly working on changing my passwords everywhere else to long use one once passwords. This is where you really NEED a password manager. I use Lastpass. I got a Family Account and have my Dad on that to use, and helping him with turning on 2-Factor at places, at least the really important places. your e-mail account for example. Someone gains access to that, now they can just do a password recovery for your other places and gain access to them. He has his Facebook account hacked a few times. So 2-Factor is turned on there now, along with better, random password. His bank, I got it turned on.

So make sure to use a long, Random password. I let LastPass generate a 20 or so digit one. Different for each site. So if one place gets hacked, they can't gain access to anywhere else you may be at. Turn on 2-Factor everywhere you can. I even have it on for Amazon. So if you get suckered into being Phished, it's not the end of the world, as they still can't gain access because of that second factor. Then when you realize what happened, you can go in and change your password to something new and Lastpass will update it's self. If I can get my 72 year old Dad to get on this page, you should be able to do it.