A recent vulnerability report published by Check Point Research has identified Microsoft as one of the top 10 global companies vulnerable to phishing attacks. The report, titled “Brand Phishing Ranking” for the second quarter of 2024, highlighted Microsoft as the most imitated brand in phishing attacks, with 57 percent of all attempts targeting the tech giant.

The report also noted that Apple jumped to the second spot with 10 percent, while LinkedIn maintained its third-place ranking with 7 percent of phishing attempts. Additionally, new entries to the list included Adidas, WhatsApp, and Instagram, signaling a shifting threat landscape as these brands entered the top 10 for the first time since 2022.

Brand phishing remains a prevalent threat, with cybercriminals frequently targeting technology companies, social networks, and banking sectors. These industries are often prime targets due to the sensitive information they hold, making them valuable targets for attackers. Companies like Microsoft, Google, and Amazon, which provide essential services like email, cloud storage, and online shopping, are particularly at risk.

To protect themselves against phishing attacks, users are advised to verify the sender’s email address, avoid clicking on unsolicited links, and enable multi-factor authentication on their accounts. The report also recommends using and regularly updating security software to detect and block phishing attempts effectively.

The report highlighted examples of how cybercriminals mimic well-known brands like Adidas and Instagram to deceive victims. Fraudulent sites with domains closely resembling authentic brand websites are designed to lure users into entering their credentials and personal information. These phishing pages exploit their resemblance to the original sites to successfully steal information from unsuspecting users.

In the case of Instagram, cybercriminals have been observed launching numerous online scams to deceive users into divulging their login credentials on fake domains. For instance, a phishing page hosted at ‘instagram-nine-flame].[vercel].[app/login’ mimics Instagram’s login interface to trick users into entering their usernames and passwords. Another campaign utilized the domain ‘instagram-verify-account].[tk’ to deceive users into entering personal information under the guise of verifying their accounts.

Overall, the report serves as a reminder of the ongoing threat posed by phishing attacks and the need for users and companies to remain vigilant in safeguarding their sensitive information. By following best practices, such as verifying sender information and using security software, individuals can protect themselves against falling victim to cybercriminals’ deceptive tactics.

Source link