Research Ranks Microsoft as the Primary Target in Phishing Attacks in 2024 Q2

Phishing attacks are one of the primary cyber threats. Check Point Research has released its latest Brand Phishing Ranking for the second quarter of 2024, revealing which brands are most commonly impersonated by cybercriminals attempting to steal personal information or payment credentials. Microsoft continues to be the most impersonated brand in phishing attacks, accounting for over half (57%) of all attacks. Apple (10%) jumped from fourth place in the first quarter of 2024 to second place. LinkedIn remains third with 7%. Meanwhile, Adidas, WhatsApp, and Instagram entered the top ten for the first time since 2022.

Below are the top 10 brands ranked by their overall appearance in brand phishing events during Q2 2024:

1. Microsoft 57%
2. Apple 10%
3. LinkedIn 7%
4. Google 6%
5. Facebook 1.8%
6. Amazon 1.6%
7. DHL 0.9%
8. Adidas 0.8%
9. WhatsApp 0.8%
10. Instagram 0.7%

The Technology sector remained the most impersonated industry in brand phishing, followed by Social Networks and Banking. Technology companies are prime targets for attackers because they frequently store sensitive information such as personal data, financial information, and access to other accounts. Companies like Microsoft, Google, and Amazon, which provide email, cloud storage, and online shopping services, are all on the list. This implies that individuals are more likely to respond to emails that appear to be from these key service providers in brand phishing attacks.

In the second quarter of 2024, Check Point discovered multiple phishing attack campaigns impersonating Adidas brand websites. For example, the fake websites closely resembled the official one in order to deceive victims. By mimicking the official brand website, these fraudulent sites aimed to trick users into entering their credentials and personal information, leading to successful information theft.

In recent months, researchers also observed numerous attack campaigns using the Instagram brand to carry out online scams. For instance, the phishing page hosted at instagram-nine-flame[.]vercel[.]app/login mimicked the Instagram login interface. This fake webpage, hosted on Vercel, a platform used to create React applications, enticed users to enter their usernames and passwords.
Another observed attack campaign used the domain instagram-verify-accoun[.]tk, which is currently disabled but previously displayed a message prompting users to verify their Instagram account, tricking them into entering personal information. This strategy aimed to exploit trust and steal user credentials.
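
A defender-side check for the hostname pattern in the two Instagram examples above, as an added example that is not part of the original article or Check Point's tooling: it flags hostnames that carry a brand keyword as a label token but do not fall under that brand's own domains. The allow-list and the `.example` test hostnames are illustrative assumptions, not a complete inventory.

```python
import re

# Illustrative allow-list (assumption): brand keyword -> domains the brand itself uses.
OFFICIAL = {
    "microsoft": {"microsoft.com", "live.com", "office.com"},
    "apple": {"apple.com", "icloud.com"},
    "linkedin": {"linkedin.com"},
    "instagram": {"instagram.com"},
}

def refang(indicator: str) -> str:
    """Reduce a (possibly defanged) URL or domain to a bare lowercase hostname."""
    s = indicator.strip().lower().replace("[.]", ".").replace("hxxp", "http")
    s = re.sub(r"^[a-z]+://", "", s)           # drop the scheme
    s = re.split(r"[/?#]", s, maxsplit=1)[0]   # drop path, query, fragment
    s = s.rsplit("@", 1)[-1]                   # drop userinfo ("brand.com@evil.host")
    return s.split(":", 1)[0].rstrip(".")      # drop port and trailing dot

def is_official(host: str, domains: set) -> bool:
    # Match from the right: the host must BE the domain or a subdomain of it.
    # "instagram.com.login.example" therefore does not count as official.
    return any(host == d or host.endswith("." + d) for d in domains)

def impersonated_brands(indicator: str) -> list:
    """Return brands whose keyword appears as a token in a non-official hostname."""
    host = refang(indicator)
    # Tokens are runs of letters between dots, hyphens and digits. Exact token
    # matching avoids flagging "pineapple" for "apple", at the cost of missing
    # run-together names such as "instagramlogin".
    tokens = set(re.split(r"[^a-z]+", host))
    return sorted(
        brand for brand, domains in OFFICIAL.items()
        if brand in tokens and not is_official(host, domains)
    )

if __name__ == "__main__":
    samples = [
        "instagram-nine-flame[.]vercel[.]app/login",   # from the article
        "instagram-verify-accoun[.]tk",                # from the article
        "https://www.instagram.com/accounts/login/",   # legitimate
        "instagram.com.login.example",                 # constructed
        "pineapple-farm.example",                      # constructed
    ]
    for s in samples:
        print(f"{s:45} -> {impersonated_brands(s) or 'ok'}")
```
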

To protect against phishing attacks, users should always verify the sender’s email address, never click on suspicious links, and enable multi-factor authentication (MFA) on their accounts. Additionally, using security protection software and ensuring it’s up-to-date helps detect and prevent phishing attacks.