Microsoft continues to dominate as the most imitated brand, accounting for 61% of all brand phishing attempts, as per the Check Point Research’s (CPR), Brand Phishing Ranking for the third quarter of 2024.
Check Point Research (CPR) is the Threat Intelligence arm of Check Point Software Technologies and the report sheds light on the brands most frequently imitated by cybercriminals, in their attempts to deceive and steal personal information or payment credentials, emphasising the ongoing risks associated with phishing attacks in today’s digital landscape.
In the third quarter, Apple retained its second position with 12%, while Google climbed to third place with 7%. Additionally, Alibaba makes its debut in the top 10 at seventh place, and Adobe reenters the rankings at eight, marking its first appearance since Q2 2022.
The Technology sector remains the most impersonated industry, followed by Social Networks and Banking, highlighting the persistent vulnerabilities faced by major online service providers.
The consistent prevalence of phishing attacks demonstrates the need for heightened awareness and security measures. Users must remain vigilant by verifying email sources, avoiding suspicious links, and utilising multi-factor authentication (MFA) to protect their personal and financial information from cyber threats.
Below are the top 10 brands ranked by their overall appearance in brand phishing events during Q3 2024:
- Microsoft – 61%
- Apple – 12%
- Google – 7%
- Facebook – 3%
- WhatsApp – 1.2%
- Amazon – 1.2%
- Alibaba – 1.1%
- Adobe – 0.8%
- Twitter – 0.8%
- Adidas – 0.6%
As per the report, a new phishing website, whatsapp-io.com, has been identified as a threat to WhatsApp users. Although currently unreachable, the site was designed to mimic a WhatsApp security centre, prompting users to enter personal information, including their phone number and country or region, under the pretence of resolving account anomalies. This website is part of a broader trend, with multiple similar domains, such as whatsapp-as.com, whatsapp-ia.com, and whatsapp-li.com, being registered and reported around the same timeframe.
In another alarming development, a malicious phishing website alibabashopvip.com, has emerged, impersonating the Alibaba ecommerce retail brand. This fraudulent site aims to deceive users by mimicking Alibaba’s official branding and offering counterfeit products. The site, which appears in Vietnamese, encourages visitors to log in or register, potentially leading to the theft of personal information and payment details.
With the rise of phishing attempts targeting well-known brands, it is essential for users to stay informed and proactive in their online security practices. Ensuring that devices are equipped with
updated security software and being sceptical of unsolicited communications can significantly reduce the risk of falling victim to cyber attacks.