The latest report by Check Point Research (CPR) has revealed that Microsoft retained its position as the most imitated brand in phishing attacks by scammers in Q4 2024.
Microsoft accounted for 32% of all attempts globally, while Apple ranked second with 12%.
The findings, covering October to December 2024 reveal that phishing schemes leveraging trusted global brands remain a significant cybersecurity threat, with attackers using increasingly sophisticated tactics to deceive users and steal sensitive information.
Top 10 most impersonated brands in Q4 2024
According to the report, cybercriminals continued to focus on technology and social networking platforms as reflected in the list of top 10 phished brands in the last quarter of 2024, which include:
- Microsoft: 32%
- Apple: 12%
- Google: 12%
- LinkedIn: 11%
- Alibaba: 4%
- WhatsApp: 2%
- Amazon: 2%
- Twitter: 2%
- Facebook: 2%
- Adobe: 1%
Holiday season surge in retail and clothing brand phishing
Check Point further disclosed that the holiday season saw a spike in phishing campaigns targeting retail and clothing brands.
Fraudsters created fraudulent domains, such as nike-blazers[.]fr and adidasyeezy[.]ro, which closely resembled official websites.
These sites lured unsuspecting shoppers with fake discounts, ultimately stealing their login credentials and personal information.
“Using logos and professional-looking designs, these fake websites created a convincing illusion of legitimacy, making it difficult for users to distinguish them from the real platforms. Victims were often tricked into providing sensitive details, which hackers could then exploit,” the report stated.
High-profile phishing cases
The report highlighted high-profile cases of phishing in the period including PayPal impersonation.
- According to the report, a phishing site, wallet-paypal[.]com, mimicked PayPal’s login page to steal financial credentials. The fake interface closely replicated PayPal’s official platform to gain users’ trust.
- Another case was Facebook fraud, in which another site, svfacebook[.]click, replicated Facebook’s login page to harvest personal details.
- Check Point noted that while the domain is no longer active, its subdomains previously targeted Facebook users.
Staying ahead of cyber threats
The persistence of phishing campaigns targeting trusted brands highlights the urgent need for robust security measures and user awareness.
According to Check Point to mitigate these threats, internet users and businesses must deploy several strategies, which include:
Installing security software and ensuring all devices are protected with up-to-date security solutions; being cautious of unsolicited communications, especially those requesting sensitive information; refraining from interacting with links or websites that seem unfamiliar or too good to be true; and enabling Multi-Factor Authentication (MFA), which adds an extra layer of protection to user accounts.
The report accentuates the importance of educating users about the dangers of phishing and equipping them with tools to recognize and respond to potential threats.
As cybercriminals refine their tactics, businesses and individuals must adopt proactive security measures to stay ahead.
