Scammers and hackers love posing as your favorite brands as a way to draw you into their schemes as brand impersonation gives them an easy way into your inbox.
As reported by Cybernews, the cybersecurity company Check Point details the most impersonated brands in phishing schemes from Q4 of 2024 – and to no one’s surprise, Microsoft continues to top the list with a third, or 32%, of all attempts.
Tying for second and third places respectively were Apple and Google with 12% each, and LinkedIn, which is owned by Microsoft, came in fourth with 11%. The remainder of the list, with each entry getting 4% or less, were: Alibaba, WhatsApp, Amazon, Twitter, Facebook and Adobe.
While attackers often choose Microsoft because they’re specifically targeting Microsoft credentials as their goal, in its report, Check Point points out that it’s important to stay vigilant for the impersonation of other brands. The report details a number of fraudulent domains that popped up over the holiday season in attempts to mislead and confuse shoppers with look-alike URLs and fake discounts with the goal of stealing log-in credentials and personal information.
Some of the examples highlighted were nike-blazers[.]fr or adidasyeezy[.]ro which closely replicate official websites – including logos – and offer unrealistically low prices for limited times in order to pressure or lure victims into entering their personal information.
The hackers frequently localized fraudulent websites by using country-specific domains, for example, ralphlaurenmexico[.]com[.]mx. Other examples mentioned include a site that mimicked a copy of PayPal’s login page, or svfacebook[.]click which imitated the original Facebook login page.
In the report, Check Point states “the persistence of phishing attacks leveraging major brands underscores the critical need for user education and advanced security measures.”
How to stay safe from phishing scams
In its report, Check Point recommends many of the same security practices we do: verifying email sources, meaning making sure you know who sent an email, avoiding unfamiliar links or never clicking on anything unless you know where it came from, and enabling multi-factor authentication to protect against scammers.
Check Point also says users can reduce their risk by installing up-to-date security software, recognizing red flags in unsolicited communications and avoiding any interactions with suspicious links or websites.
We have recommendations for the best antivirus software programs that you can install right now to protect your computer, which often include a VPN or a password manager. For best security practices, make sure you know how to avoid common phishing scams – check that you're visiting legitimate websites by typing them into your browser yourself, instead of clicking on links, ask senders if they’ve emailed or messaged you instead of clicking links in messages or emails, and never, under no circumstances whatsoever, reuse passwords.
More from Tom's Guide
- More than 70 million students and teachers had their personal data stolen in PowerSchool breach
- Google Password Manager could soon be getting this highly requested feature
- 3.5 million hit in major law firm data breach — full names, SSNs, dates of birth, addresses and more exposed
