Microsoft remains the most impersonated brand in phishing attacks, followed by Apple and Google

Microsoft continues to be the most impersonated brand to carry out cyberattacks of this type ‘phishing’with 32 percent of all attempts identity theft registered in the fourth quarter of 2024, followed by Apple and Google with 12 percent, and LinkedIn with 11 percent.

The Threat Intelligence division of the cybersecurity company Check Point has published the results of its Brand Phishing Report, which highlights the brands most impersonated by cybercriminals during the fourth quarter of 2024, in their attempts to steal personal information or credentials. payment through ‘phishing’ attacks.

That is, a type of social engineering scam in which malicious actors send emails that impersonate companies or public organizations. By impersonating these companies, they deceive users by requesting personal information to, for example, access their banking details.

In this regard, Check Point has confirmed that Microsoft has remained the brand most used in ‘phishing’ scam attempts globally, with 32% of the total ‘phishing’ records identified during the fourth quarter of 2024, however, has registered 1% fewer impersonations than in the same period of 2023.

The second most impersonated brands have been Google and Apple, both with 12% of registered impersonations. In the case of the Cupertino brand, it has also maintained its position with respect to the data recorded in 2023, however it has experienced a growth of 3%.

The LinkedIn platform has once again entered the list of the brands most impersonated in ‘phishing’ attacks (11%) and, somewhat further away, impersonations of e-commerce brands such as Alibaba (4%) and Amazon (2) have also been identified. %), and social networks such as WhatsApp (2%), Twitter (2%), Facebook (2%). Likewise, Adobe brand impersonations have been found (1%).

These results highlight how the technology sector has been the most impersonated at the end of last year, followed by social networks and retail commerce.

LOOK: Artificial intelligence: Apple Intelligence will be enabled by default with iOS 18.3

Impersonation campaigns with Nike and Adidas

In addition to this list of the ten most impersonated brands, the cybersecurity company has also indicated that, coinciding with the Christmas season, several ‘phishing’ campaigns related to well-known clothing brands were identified. Specifically, these campaigns were aimed at online shoppers, and imitated websites of brands such as Nike, Adidas, LuluLemon, Hugo Boss, Guess and Ralph Lauren.

Other impersonations with Paypal and Facebook

Following this line, Check Point has also shared other recently identified examples of impersonation, which show the effectiveness of these ‘phishing’ attacks, such as PayPal and Facebook.

As explained by the company, in the identified case of PayPal, malicious actors have created a malicious website that operated under the domain ‘wallet- paypal[.]com’and which imitates the PayPal login page, including the official logo to give it more credibility.

However, once users enter their data to log in to the fake website, cybercriminals take the opportunity to steal their personal and financial information.

Likewise, cybersecurity experts have recently identified a case of Facebook impersonation. This is the fraudulent website ‘svfacebook[.]click’which imitates the login page of the Meta social network.

Thus, the website asked victims to enter personal information, specifically, their login credentials, with their email and password, to steal said data. However, the domain is no longer active.

With all this, the technical director of Check Point Software for Spain and Portugal, Eusebio Nieva, has stated that the persistence of ‘phishing’ attacks that use well-known brands to deceive users “underlines the importance of education and appropriate measures.” “advanced security.”

In this framework, Nieva recommends verifying email sources, avoiding unknown links and enabling multi-factor authentication (MFA). “These are crucial steps to protect personal and financial data from these constantly evolving threats,” he stated.