Scammers really like to impersonate Microsoft


If you get a phishing email impersonating a known brand, it will most likely masquerade as Microsoft.

Microsoft is the most impersonated brand in phishing schemes, accounting for a third of all attempts in 2024, a new report by Check Point reveals. Apple and Google share second and third place with 12% each.

LinkedIn, a Microsoft-owned company, comes fourth with another 11%. The list continues with Alibaba, WhatsApp, Amazon, Twitter, Facebook, and Adobe, each getting 4% or less.

Attackers abuse Microsoft’s brand recognition and trust, and Microsoft credentials are often their ultimate goal.

However, Check Point encourages staying alert for the impersonation of other brands as well.

“The holiday season saw a surge in phishing campaigns impersonating well-known clothing brands. Fraudulent domains, such as nike-blazers[.]fr and adidasyeezy[.]ro, replicated official websites to mislead shoppers with fake discounts, ultimately stealing login credentials and personal information,” the researchers said in a report.

Fraudulent websites often replicate the brand’s logo, offer unrealistically low prices for a limited time, and use other lures to get victims to enter sensitive information, such as login credentials and personal details.

In the provided examples, hackers localized their fraudulent websites using country-specific domains, such as ralphlaurenmexico[.]com[.]mx, guess-india[.]in, lululemons[.]ro, or hugoboss-turkiye[.]com[.]tr.

Other phishing examples from last year include the fraudulent website wallet-paypal[.]com, which mimicked PayPal’s login page to harvest credentials, and Facebook scams such as the fake website svfacebook[.]click, which imitated Facebook’s genuine login page and prompted visitors for credentials.
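The domains quoted above share one pattern: a brand name embedded in a hostname the brand does not own. The check below is an added example, not taken from Check Point's report, that flags such hostnames for review; the `OFFICIAL` allow list and the function names are assumptions made for this illustration, and `paypal[.]com[.]example[.]net` is a constructed sample.

```python
# Assumption: a small hand-maintained map of brand keyword -> domains the brand
# really uses. A production list would also include each brand's regional domains.
OFFICIAL = {
    "nike": {"nike.com"},
    "adidas": {"adidas.com"},
    "ralphlauren": {"ralphlauren.com"},
    "guess": {"guess.com"},
    "lululemon": {"lululemon.com"},
    "hugoboss": {"hugoboss.com"},
    "paypal": {"paypal.com"},
    "facebook": {"facebook.com"},
}


def refang(indicator):
    """Turn a defanged indicator such as 'nike-blazers[.]fr' into a hostname."""
    return indicator.replace("[.]", ".").strip().lower().rstrip(".")


def is_official(host, allowed):
    """True only for an allowed domain itself or a subdomain of it."""
    return any(host == d or host.endswith("." + d) for d in allowed)


def impersonated_brands(indicator):
    """Return brand keywords found in a hostname the brand does not own."""
    host = refang(indicator)
    squashed = host.replace("-", "")  # so 'hugo-boss' still matches 'hugoboss'
    return sorted(brand for brand, allowed in OFFICIAL.items()
                  if brand in squashed and not is_official(host, allowed))


# Domains quoted in the article, plus constructed samples at the end.
SAMPLES = [
    "nike-blazers[.]fr", "adidasyeezy[.]ro", "ralphlaurenmexico[.]com[.]mx",
    "guess-india[.]in", "lululemons[.]ro", "hugoboss-turkiye[.]com[.]tr",
    "wallet-paypal[.]com", "svfacebook[.]click",
    "paypal[.]com[.]example[.]net",  # constructed: brand domain used as a prefix
    "www.paypal.com",                # constructed: genuine subdomain, not flagged
]

if __name__ == "__main__":
    for sample in SAMPLES:
        hits = impersonated_brands(sample)
        # Hits are review candidates: short keywords like 'guess' also match benign names.
        print(f"{sample:32} {'SUSPECT ' + ','.join(hits) if hits else 'ok'}")
```

Note that `wallet-paypal[.]com` is flagged even though it ends in `paypal.com`, because the match requires a leading dot before the official domain.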

“The persistence of phishing attacks leveraging major brands underscores the critical need for user education and advanced security measures,” Check Point said.

The firm suggests verifying email sources, avoiding unfamiliar links, and enabling multi-factor authentication (MFA) to help protect against scammers. Users should use robust endpoint security, recognize the red flags in unsolicited communications, and avoid any interactions with suspicious links or websites.