Given the demographic of Apple customers, it’s no surprise to learn that they are the most common phishing target.

A new security report found that a full 10% of all phishing attempts were trying to get hold of Apple ID credentials, ahead of Netflix at 9% and a surprising third choice …

Check Point Research’s Q1 2020 Brand Phishing Report found that Yahoo took third place.

The top brands are ranked by their overall appearance in brand phishing attempts:

1. Apple (related to 10% of all brand phishing attempts globally) 2. Netflix (9%) 3. Yahoo (6%) 4. WhatsApp (6%) 5. PayPal (5%) 6. Chase (5%) 7. Facebook (3%) 8. Microsoft (3%) 9. eBay (3%) 10. Amazon (1%)

The firm said that although most phishing attacks were emails directing to a fake website, the use of fraudulent apps is growing.

In a brand phishing attack, criminals try to imitate the official website of a well-known brand by using a similar domain name or URL and web-page design to the genuine site. The link to the fake website can be sent to targeted individuals by email or text message, a user can be redirected during web browsing, or it may be triggered from a fraudulent mobile application. The fake website often contains a form intended to steal users’ credentials, payment details or other personal information […]

Web phishing was the most prominent at 59%, followed by mobile phishing as the second most attacked platform compared to Q4 of 2019, where it ranked third […]

The most likely industry to be targeted by brand phishing was technology, followed by banking and then media. This illustrates a broad spread of some of the best-known and most used consumer sectors, particularly during the coronavirus pandemic and associated quarantine, whereby individuals are grappling with remote working technology, potential changes to finances, and an uplift in home entertainment services such as streaming.

Apple is the most common phishing target due to the high value of Apple IDs on the dark web. A report back in 2018 found that they sold for a higher price than any other non-financial credentials.

While 9to5Mac readers are unlikely to fall for these, we last year suggested clueing in your friends on the three main warning signs.

  • Claiming that your Apple account is “locked” and you need to “confirm” it to restore access
  • Sending a receipt for an expensive claimed purchase, with a “Cancel” link
  • A message from “Apple Support” claiming to have detected problems with the Mac

The best way to protect against phishing attacks is to treat all emailed links as suspicious and to either use your own bookmarks or manually type URLs.

FTC: We use income earning auto affiliate links. More.

Intego Mac Security X9 50% off

Check out 9to5Mac on YouTube for more Apple news:

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

About the Author

Ben Lovejoy

Ben Lovejoy is a British technology writer and EU Editor for 9to5Mac. He’s known for his op-eds and diary pieces, exploring his experience of Apple products over time, for a more rounded review. He also writes fiction, with two technothriller novels, a couple of SF shorts and a rom-com!

Ben Lovejoy's favorite gear