In the third quarter of 2024, Microsoft has once again found itself at the top of the list as the most impersonated brand in phishing attacks, according to research conducted by CheckPoint. This is not the first time Microsoft has taken the lead in such attacks, with a whopping 61% of brand phishing attempts using Microsoft branding.
Following closely behind Microsoft is Apple, maintaining its position as the second most impersonated brand with 12% of phishing attempts using its branding. Google, on the other hand, has climbed to the third spot with 7% of phishing attempts leveraging its branding. It is worth noting that Google had previously been ranked fourth in the list.
Surprisingly, Alibaba has made its debut in the top 10 list, securing the seventh position with 1.1% of phishing attempts using its branding. Additionally, Adobe has re-entered the ranking at eighth place with 0.8% of phishing attempts, marking its first appearance in the list since Q2 of 2022.
Among the various sophisticated brand impersonation attempts identified by Check Point, one notable example is the Vietnamese-language malicious phishing website alibabashopvip\[dot]com. This website impersonated the Alibaba e-commerce retail brand with official branding and offered counterfeit products, posing a significant threat to unsuspecting users.
Another concerning trend identified by the threat intelligence team is the emergence of Whatsapp-related websites such as whatsapp-io[dot]com. These websites mimic a Whatsapp security center and prompt users to enter personal information, including their phone number and country or region, under the guise of resolving account anomalies. Such deceptive practices can put users at risk of identity theft and other forms of cybercrime.
These findings highlight the critical need for users to remain vigilant and cautious when interacting online, especially when providing personal information or engaging with unfamiliar websites. As cyber threats continue to evolve and become more sophisticated, it is essential for individuals to stay informed about best practices for online security and to exercise caution when sharing sensitive information.
In conclusion, the prevalence of brand phishing attacks targeting well-known companies like Microsoft, Apple, and Google underscores the importance of cybersecurity awareness and education. By staying informed and adopting proactive security measures, individuals can better protect themselves against the growing threat of phishing attacks and other forms of cybercrime in an increasingly digital world.