Microsoft Remains Top Phishing Target, Adidas and WhatsApp Join Top 10
Phishing attacks remain one of the most prevalent cyber threats and often serve as the precursor to larger-scale supply chain campaigns. Recently, Check Point Research (CPR), the threat intelligence arm of Check Point® Software Technologies Ltd., released an updated ranking of brands most frequently impersonated by cybercriminals in the second quarter of 2024. This ranking reveals which companies are most often used by malicious actors to deceive users and steal personal or payment information.
The second quarter of 2024 revealed that Microsoft continues to be the most impersonated brand, accounting for more than half of all phishing attempts at 57%. Apple ascended to the second position with 10%, moving up from the fourth place it held in the first quarter of this year. LinkedIn maintained its third-place position with 7% of phishing attacks. Additionally, Adidas, WhatsApp, and Instagram reappeared in the top 10 for the first time since 2022.
The technology sector remains the most frequently spoofed in phishing attacks, followed by social networks and the banking sector. Tech companies like Microsoft, Google, and Amazon often store sensitive data, including personal and financial information, and provide access to other accounts, making them attractive targets for cybercriminals.
To guard against phishing attacks, it is advisable to always verify the sender’s email address, avoid clicking on unsolicited links, and enable multi-factor authentication (MFA) on accounts. Additionally, using and regularly updating security software helps to detect and block phishing attempts.
Top 10 Brands Impersonated in Phishing Attacks in Q2 2024:
- Microsoft (57%)
- Apple (10%)
- LinkedIn (7%)
- Google (6%)
- Facebook (1.8%)
- Amazon (1.6%)
- DHL (0.9%)
- Adidas (0.8%)
- WhatsApp (0.8%)
- Instagram (0.7%)
In the second quarter, Check Point Research observed several phishing campaigns mimicking Adidas brand websites. For instance, the sites adidasyeezys[.]cz and adidasyeezys[.]it were created to deceive users into believing they were on official Adidas Yeezy sites. These fraudulent resources visually replicate the original Adidas site and are used to steal user data.
In recent months, numerous campaigns have exploited the Instagram brand for online scams, propelling Instagram to the tenth position on the list of most impersonated brands, a rank it has not held since 2022. One example includes a phishing page on the domain instagram-nine-flame[.]vercel[.]app/login, which mimicked the Instagram login interface, prompting users to enter their login credentials.
Another example is the domain instagram-verify-account[.]tk, which previously displayed a message urging users to enter personal information under the guise of verifying their Instagram account.
Phishing attacks continue to pose a serious threat, and users must exercise heightened vigilance to protect their data and avoid falling into the traps set by cybercriminals.
