In the fourth quarter, Microsoft retained its position as the most imitated brand, accounting for 32% of all brand phishing attempts, according to the latest Brand Phishing Ranking for Q4 2024 from Check Point Research (CPR).
Apple held on to the second position with 12%, while Google maintained its third-place ranking. LinkedIn reentered the list at fourth place, after a brief absence. The Technology sector emerged as the most impersonated industry, followed by Social Networks and the Retail sector.
Omer Dembinsky, data group manager at Check Point Software, comments: “The persistence of phishing attacks leveraging well-known brands underscores the importance of user education and advanced security measures. Verifying email sources, avoiding unfamiliar links, and enabling multi-factor authentication (MFA) are crucial steps in protecting personal and financial data from these ever-evolving threats.”
The top 10 brands ranked by their overall appearance in brand phishing events during Q4 2024 are:
- Microsoft – 32%
- Apple – 12%
- Google – 12%
- LinkedIn – 11%
- Alibaba – 4%
- WhatsApp – 2%
- Amazon – 2%
- Twitter – 2%
- Facebook – 2%
- Adobe – 1%
During the holiday season, several phishing campaigns targeted shoppers by imitating the websites of well-known clothing brands. For example, domains like nike-blazers[.]fr, nike-blazer[.]fr, and nike-air-max[.]fr were designed to deceive users into believing they were official Nike platforms.
These fraudulent sites replicate the brand’s logo and offer unrealistically low prices to lure victims. Their goal is to trick users into sharing sensitive information, such as login credentials and personal details, which the attackers can then steal.
Additional examples included:
- Adidas – adidasyeezy[.]co[.]no, adidassamba[.]com[.]mx, adidasyeezy[.]ro and adidas-predator[.]fr
- Lululemon – lululemons[.]ro
- Hugo Boss – www[.]hugoboss-turkiye[.]com[.]tr, hugobosssrbija[.]net and www[.]hugoboss-colombia[.]com[.]co
- Guess – www[.]guess-india[.]in
- Ralph Lauren – www[.]ralphlaurenmexico[.]com[.]mx
CPR recently identified a malicious phishing webpage operating under the domain wallet-paypal[.]com, crafted to impersonate the PayPal brand. This fake site mimics PayPal’s login page, including the official logo, to deceive users. By creating a false sense of legitimacy, it lures victims into logging in or registering, ultimately stealing their personal and financial information.
In the last quarter of 2024, we identified a fraudulent website (svfacebook[.]click) designed to mimic the Facebook login page. The site prompted victims to enter personal information, such as their email and password. Although the domain is no longer resolving to an active webpage, it was recently created and had previously hosted multiple subdomains impersonating Facebook’s login page.
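The domains listed above all embed a brand name in a hostname the brand does not own. The following Python check is an added example, not code from Check Point Research, showing how a mail or proxy filter could flag that pattern. The `OFFICIAL` allowlist and the two benign sample hostnames are assumptions made for illustration.

```python
# Official domains per brand: an assumed allowlist for this example,
# not taken from the report. Build your own from the brand owners' records.
OFFICIAL = {
    "nike": ("nike.com",),
    "adidas": ("adidas.com",),
    "paypal": ("paypal.com",),
    "facebook": ("facebook.com",),
}


def refang(indicator: str) -> str:
    """Turn a defanged indicator such as 'nike-blazers[.]fr' into a hostname."""
    return indicator.strip().lower().replace("[.]", ".").rstrip(".")


def is_official(host: str, domains) -> bool:
    """True only for an official domain itself or a subdomain of it."""
    return any(host == d or host.endswith("." + d) for d in domains)


def classify(indicator: str):
    """Return (brand, 'official'), (brand, 'lookalike') or (None, 'unrelated')."""
    host = refang(indicator)
    for brand, domains in OFFICIAL.items():
        if is_official(host, domains):
            return brand, "official"
    for brand in OFFICIAL:
        # Inspect every label, hyphens removed, so the brand is found whether
        # it sits in the registered name or in a subdomain. Substring matching
        # can over-match short brand names; treat hits as leads for review.
        for label in host.split("."):
            if brand in label.replace("-", ""):
                return brand, "lookalike"
    return None, "unrelated"


# Defanged hostnames from the article, plus two constructed benign entries.
SAMPLES = [
    "nike-blazers[.]fr", "adidasyeezy[.]co[.]no", "wallet-paypal[.]com",
    "svfacebook[.]click", "www[.]paypal[.]com", "example[.]org",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, classify(sample))
```

Because the official check anchors on the end of the hostname, a name such as `paypal.com.login.example` is still reported as a lookalike rather than as official.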