
If you get a phishing email impersonating a known brand, it will most likely masquerade as Microsoft.
Microsoft is the most impersonated brand in phishing schemes, accounting for a third of all attempts in 2024, a new report by Check Point reveals. Apple and Google share second and third place with 12% each.
LinkedIn, a Microsoft-owned company, comes fourth with another 11%. The list continues with Alibaba, WhatsApp, Amazon, Twitter, Facebook, and Adobe, each getting 4% or less.
Attackers abuse Microsoft’s brand recognition and trust and often target Microsoft credentials as their ultimate goal.
However, Check Point encourages staying alert for the impersonation of other brands as well.
“The holiday season saw a surge in phishing campaigns impersonating well-known clothing brands. Fraudulent domains, such as nike-blazers[.]fr and adidasyeezy[.]ro, replicated official websites to mislead shoppers with fake discounts, ultimately stealing login credentials and personal information,” the researchers said in a report.
Fraudulent websites often replicate the brand’s logo, offer unrealistically low prices for a limited time, and use other lures to get victims to enter sensitive information, such as login credentials and personal details.
In the provided examples, hackers localized their fraudulent websites using country-specific domains, such as ralphlaurenmexico[.]com[.]mx, guess-india[.]in, lululemons[.]ro, or hugoboss-turkiye[.]com[.]tr.
Other phishing examples from last year include the fraudulent website wallet-paypal[.]com, which mimicked PayPal’s login page to harvest credentials, and Facebook frauds, such as the faux website svfacebook[.]click, which imitated Facebook’s real login page and prompted for credentials.
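The domains above share one pattern: a brand keyword embedded in a hostname the brand does not own. The following sketch is an added example, not code from Check Point's report; it flags that pattern, and the brand-to-official-domain mapping and the two legitimate sample hostnames are assumptions constructed for illustration.

```python
# Assumption: keyword -> domains each brand really operates. Constructed for
# illustration; maintain your own list for the brands your users rely on.
OFFICIAL = {
    "paypal": {"paypal.com"},
    "facebook": {"facebook.com"},
    "nike": {"nike.com"},
    "adidas": {"adidas.com"},
    "ralphlauren": {"ralphlauren.com"},
    "guess": {"guess.com"},
    "lululemon": {"lululemon.com"},
    "hugoboss": {"hugoboss.com"},
}


def refang(indicator):
    """Turn a defanged indicator such as 'wallet-paypal[.]com' into a hostname."""
    return indicator.strip().lower().replace("[.]", ".").rstrip(".")


def is_official(host, domains):
    """True if host is an official domain or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in domains)


def impersonated_brand(indicator):
    """Return the brand keyword a hostname borrows without belonging to it."""
    host = refang(indicator)
    # Drop hyphens so split keywords still match; dots stay, so a keyword
    # can never match across two labels.
    flat = host.replace("-", "")
    for brand, domains in OFFICIAL.items():
        if brand in flat and not is_official(host, domains):
            return brand
    return None


# Hostnames quoted in the article, plus two constructed legitimate ones.
SAMPLES = [
    "nike-blazers[.]fr", "adidasyeezy[.]ro", "ralphlaurenmexico[.]com[.]mx",
    "guess-india[.]in", "lululemons[.]ro", "hugoboss-turkiye[.]com[.]tr",
    "wallet-paypal[.]com", "svfacebook[.]click",
    "www.paypal.com", "m.facebook.com",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{refang(sample):32} {impersonated_brand(sample) or 'ok'}")
```

Substring matching on short keywords will also hit unrelated words, so treat a match as a triage signal for a mail or proxy filter rather than a verdict.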
“The persistence of phishing attacks leveraging major brands underscores the critical need for user education and advanced security measures,” Check Point said.
The firm suggests verifying email sources, avoiding unfamiliar links, and enabling multi-factor authentication (MFA) to help protect against scammers. Users should use robust endpoint security, recognize the red flags in unsolicited communications, and avoid any interactions with suspicious links or websites.