Microsoft is identified as the primary target in phishing attacks, with significant shifts observed in the Top 10 rankings.

In the realm of cyber security, phishing attacks are among the most prevalent threats, often serving as the initial step for larger-scale campaigns within supply chains. Check Point Research (CPR), the Threat Intelligence arm of Check Point® Software Technologies Ltd., has recently released its latest Brand Phishing Ranking for the third quarter of 2024. This report sheds light on the brands most frequently imitated by cyber criminals, in their attempts to deceive and steal personal information or payment credentials, emphasizing the ongoing risks associated with phishing attacks in today’s digital landscape.

In the third quarter, Microsoft continues to dominate as the most imitated brand, accounting for 61% of all brand phishing attempts. Apple retains its second position with 12%, while Google has climbed to third place with 7%. Additionally, Alibaba makes its debut in the top 10 at seven place, and Adobe reenters the rankings at eight, marking its first appearance since Q2 2022. The Technology sector remains the most impersonated industry, followed by Social Networks and Banking, highlighting the persistent vulnerabilities faced by major online service providers.

The consistent prevalence of phishing attacks demonstrates the need for heightened awareness and security measures. Users must remain vigilant by verifying email sources, avoiding suspicious links, and utilizing multi-factor authentication (MFA) to protect their personal and financial information from cyber threats.

Top Phishing Brands

Below are the top 10 brands ranked by their overall appearance in brand phishing events during Q3 2024:

1. Microsoft – 61%
2. Apple – 12%
3. Google – 7%
4. Facebook – 3%
5. WhatsApp – 1.2%
6. Amazon – 1.2%
7. Alibaba – 1.1%
8. Adobe – 0.8%
9. Twitter – 0.8%
10. Adidas – 0.6%

Phishing Scams Targeting WhatsApp Users

A new phishing website, whatsapp-io.com, has been identified as a threat to WhatsApp users. Although currently unreachable, the site was designed to mimic a WhatsApp security center, prompting users to enter personal information, including their phone number and country or region, under the pretense of resolving account anomalies. This website is part of a broader trend, with multiple similar domains, such as whatsapp-as.com, whatsapp-ia.com, and whatsapp-li.com, being registered and reported around the same timeframe.

Alibaba Impersonation

In another alarming development, a malicious phishing website alibabashopvip\.com, has emerged, impersonating the Alibaba ecommerce retail brand. This fraudulent site aims to deceive users by mimicking Alibaba’s official branding and offering counterfeit products. The site, which appears in Vietnamese, encourages visitors to log in or register, potentially leading to the theft of personal information and payment details. Notably, Alibaba has made its top 10 debut in this quarter’s rankings.

With the rise of phishing attempts targeting well-known brands, it is essential for users to stay informed and proactive in their online security practices. Ensuring that devices are equipped with updated security software and being skeptical of unsolicited communications can significantly reduce the risk of falling victim to cyber attacks.