Cyber criminals continue to refine their phishing tactics, targeting trusted global brands to deceive users and steal sensitive information. Check Point Research (CPR), the intelligence arm of Check Point® Software, has unveiled its latest findings for Q4 2024, revealing key trends in brand phishing attacks.
Technology Sector Leads in Phishing Attempts
Microsoft retained its dominance as the most imitated brand in phishing schemes, accounting for a staggering 32% of all attempts. Apple followed with 12%, while Google ranked third. Notably, LinkedIn reentered the list at fourth place, emphasizing the persistent targeting of technology and social network brands.
The persistence of phishing attacks leveraging major brands underscores the critical need for user education and advanced security measures. Verifying email sources, avoiding unfamiliar links, and enabling multi-factor authentication (MFA) are vital to protect against these evolving threats.
Top 10 Phished Brands in Q4 2024
- Microsoft: 32%
- Apple: 12%
- Google: 12%
- LinkedIn: 11%
- Alibaba: 4%
- WhatsApp: 2%
- Amazon: 2%
- Twitter: 2%
- Facebook: 2%
- Adobe: 1%
Targeting Retail and Clothing Brands During the Holidays
The holiday season saw a surge in phishing campaigns impersonating well-known clothing brands. Fraudulent domains, such as nike-blazers[.]fr and adidasyeezy[.]ro, replicated official websites, including the brand’s logo, and offered fake discounts and unrealistically low prices to lure shoppers. Their goal is to trick users into sharing sensitive information, such as login credentials and personal details, which the attackers then steal.
Examples of targeted brands include:
- Adidas – adidasyeezy[.]co[.]no, adidassamba[.]com[.]mx, adidasyeezy[.]ro and adidas-predator[.]fr
- Lululemon – lululemons[.]ro
- Hugo Boss – www[.]hugoboss-turkiye[.]com[.]tr, hugobosssrbija[.]net and www[.]hugoboss-colombia[.]com[.]co
- Guess – www[.]guess-india[.]in
- Ralph Lauren – www[.]ralphlaurenmexico[.]com[.]mx
High-Profile Credential Theft Cases
PayPal Impersonation: A phishing site, wallet-paypal[.]com, mimicked PayPal’s login page to deceive users and harvest financial credentials. The fake platform displayed a convincing interface to create a sense of legitimacy, luring victims into providing sensitive data.
Facebook Fraud: A fraudulent website, svfacebook[.]click, imitated Facebook’s login page, prompting users to share personal details. Although this domain is no longer active, its subdomains previously targeted Facebook users.
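The domains listed above share one pattern: the brand name is embedded in a hostname that the brand does not own. The following added example (not from Check Point Research) shows a defender-side check for that pattern, for instance over proxy or DNS logs. The `OFFICIAL` allowlist, the function names and the last test hostname are assumptions made for illustration.

```python
# Added example: flag hostnames that embed a brand name outside the brand's own domain.

# ASSUMPTION: official registrable domains per brand; the page does not list them.
OFFICIAL = {
    "adidas": {"adidas.com"},
    "nike": {"nike.com"},
    "lululemon": {"lululemon.com"},
    "hugoboss": {"hugoboss.com"},
    "guess": {"guess.com"},
    "ralphlauren": {"ralphlauren.com"},
    "paypal": {"paypal.com"},
    "facebook": {"facebook.com"},
}

# Defanged indicators exactly as quoted in the article.
PAGE_INDICATORS = [
    "nike-blazers[.]fr", "adidasyeezy[.]co[.]no", "adidassamba[.]com[.]mx",
    "adidasyeezy[.]ro", "adidas-predator[.]fr", "lululemons[.]ro",
    "www[.]hugoboss-turkiye[.]com[.]tr", "hugobosssrbija[.]net",
    "www[.]hugoboss-colombia[.]com[.]co", "www[.]guess-india[.]in",
    "www[.]ralphlaurenmexico[.]com[.]mx", "wallet-paypal[.]com",
    "svfacebook[.]click",
]

def normalize(indicator):
    """Accept defanged (a[.]b) or plain hostnames; return a lowercase hostname."""
    return indicator.replace("[.]", ".").strip().lower().rstrip(".")

def is_official(host, domains):
    """True only if host is an official domain or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in domains)

def brand_hits(indicator):
    """Brands whose name appears in a label of a host the brand does not own."""
    host = normalize(indicator)
    # Drop hyphens inside each label so a hyphenated brand spelling still matches.
    labels = [label.replace("-", "") for label in host.split(".")]
    return sorted(
        brand for brand, domains in OFFICIAL.items()
        if any(brand in label for label in labels)
        and not is_official(host, domains)
    )

if __name__ == "__main__":
    for item in PAGE_INDICATORS:
        print(item, "->", brand_hits(item))
```

Substring matching will also flag unrelated names that merely contain a brand token (short tokens such as "guess" are the likeliest), so hits are triage candidates rather than verdicts.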
Staying Ahead of Cyber Threats
The steady rise in phishing campaigns targeting recognized brands reinforces the importance of vigilance. Users can reduce their risk by:
- Installing up-to-date security software.
- Recognizing red flags in unsolicited communications.
- Avoiding interactions with suspicious links or websites.
Stay informed and secure as phishing tactics evolve in 2025. For a detailed analysis of Q4 2024’s brand phishing trends, visit Check Point Research.