Cybercriminals who specialize in phishing attacks often spoof popular companies and products to trick unsuspecting users. By impersonating a well-known brand, the scammers try to convince their victims that their malicious emails and web pages are legitimate. A new report from cyber intelligence firm Check Point Research highlights the most spoofed brands so you’ll know which emails and pages to scrutinize.
Top 10 most-phished brands
Among the top 10 most-phished brands in the fourth quarter of 2024, Microsoft remained in the top spot, appearing in 32% of all attacks seen by Check Point. Apple and Google took second and third place, respectively, each appearing in 12% of the attacks.
LinkedIn was next with 11%, followed by Alibaba with 4%. Rounding out the list were WhatsApp, Amazon, Twitter, and Facebook, each with 2%. In the tenth spot was Adobe, found in 1% of the phishing campaigns.
Also: How to protect yourself from phishing attacks in Chrome and Firefox
As last quarter marked the traditional holiday season, retail brands were also targeted in phishing attacks. Scammers often create fraudulent retail domains with phony sales and fake discounts to try to steal the passwords and sensitive data of innocent visitors.
During the fourth quarter, malicious domains like nike-blazers.fr and adidasyeezy.ro mimicked the legitimate sites of Nike and Adidas. Other retail brands recently exploited included Lululemon, Hugo Boss, Guess, and Ralph Lauren.
In its report, Check Point focused on two especially deceptive phishing campaigns. In one attack, the phishing site impersonated PayPal’s login page to try to capture the credentials and financial data of users. In another, a phony website imitated Facebook’s login page to trick people into sharing their account details. Though both sites are now flagged as deceptive, the phishing threat remains in full force.
How to protect yourself
To protect yourself against phishing attacks, Check Point offers the following advice:
- Use security software and make sure it’s up to date.
- Scan for any red flags on web pages and in unsolicited emails. These can include typos and other errors, mismatched or misspelled domain names, urgent calls to action, requests for personal information, odd links or attachments, and offers that seem too good to be true.
- Avoid interacting with suspicious links, attachments, and websites. Don’t click on links or attachments in unsolicited emails and be wary of websites that appear off in some way.
Also: How scammers are tricking Apple iMessage users into disabling phishing protection
“The persistence of phishing attacks leveraging major brands underscores the critical need for user education and advanced security measures,” Check Point added in its report. “Verifying email sources, avoiding unfamiliar links, and enabling multi-factor authentication (MFA) are vital to protect against these evolving threats.”
