A new report from Check Point Research (CPR) has revealed that Microsoft and Apple were the most imitated brands in phishing attacks during the final quarter of 2024. Microsoft topped the list, accounting for 32% of phishing attempts worldwide, while Apple came in second with 12%.
The report, which analysed phishing trends from October to December 2024, highlights cybercriminals’ continued exploitation of trusted global brands. These schemes use increasingly sophisticated methods to deceive users and steal sensitive information.
The research indicated scammers’ strong focus on technology and social networking platforms. The top 10 impersonated brands in Q4 2024 were: Microsoft – 32%, Apple – 12%, Google – 12%, LinkedIn – 11%, Alibaba – 4%, WhatsApp – 2%, Amazon – 2%, Twitter – 2%, Facebook – 2%, and Adobe – 1%.
The holiday period saw a noticeable increase in phishing campaigns targeting retail and clothing brands. Fraudsters created fake domains like nike-blazers[.]fr and adidasyeezy[.]ro to mimic official websites, enticing unsuspecting shoppers with fake discounts. These sites tricked users into revealing their login credentials and personal information.
Using professional designs and brand logos, these fraudulent websites appeared convincingly legitimate, making it difficult for users to detect the deception. The report stated that victims frequently provided sensitive details that hackers exploited for financial gain.
The report highlighted several high-profile phishing attempts; A phishing site, wallet-paypal[.]com, mimicked PayPal’s login page to steal financial credentials. The interface closely resembled PayPal’s official platform, deceiving users into providing their details.
Another case involved a fake domain, svfacebook[.]click, replicating Facebook’s login page to harvest personal information. Although the domain is no longer active, its subdomains previously targeted Facebook users.
The persistence of phishing campaigns targeting prominent brands underscores the need for robust security measures and heightened user awareness. CPR recommends the following strategies to mitigate threats; install and update security software on all devices; be cautious of unsolicited communications, especially those requesting sensitive details; Avoid clicking on unfamiliar links or offers that seem too good to be true; and enable Multi-Factor Authentication (MFA) for added account protection.
The report emphasises the importance of educating users about phishing dangers and equipping them with tools to identify and respond to potential threats. As cybercriminals continue to refine their methods, individuals and businesses must adopt proactive security practices to stay ahead.
