Check Point Research (CPR), the Threat Intelligence arm of Check Point® Software Technologies Ltd. (NASDAQ: CHKP) and a pioneer and global leader of cyber security solutions, has released its latest Brand Phishing Ranking for Q4 2024. This report highlights the brands most frequently imitated by cybercriminals in their efforts to steal personal information and payment credentials, underscoring the ongoing threats posed by phishing attacks in an increasingly digital world.

In the fourth quarter, Microsoft retained its position as the most imitated brand, accounting for 32% of all brand phishing attempts. Apple held on to the second position with 12%, while Google maintained its third-place ranking. LinkedIn reentered the list at fourth place, after a brief absence. The Technology sector emerged as the most impersonated industry, followed by Social Networks and the Retail sector.

Omer Dembinsky, Data Group Manager at Check Point Software, commented, “The persistence of phishing attacks leveraging well-known brands underscores the importance of user education and advanced security measures. Verifying email sources, avoiding unfamiliar links, and enabling multi-factor authentication (MFA) are crucial steps in protecting personal and financial data from these ever-evolving threats.”

Top Phishing Brands

Below are the top 10 brands ranked by their overall appearance in brand phishing events during Q4 2024:

  • Microsoft – 32%
  • Apple – 12%
  • Google – 12%
  • LinkedIn – 11%
  • Alibaba – 4%
  • WhatsApp – 2%
  • Amazon – 2%
  • Twitter – 2%
  • Facebook – 2%
  • Adobe – 1%

Clothing Brand Phishing Campaigns

During the holiday season, several phishing campaigns targeted shoppers by imitating the websites of well-known clothing brands. For example, domains like nike-blazers[.]fr, nike-blazer[.]fr, and nike-air-max[.]fr were designed to deceive users into believing they were official Nike platforms. These fraudulent sites replicated the brand’s logo and offered unrealistically low prices to lure victims. Their goal was to trick users into sharing sensitive information, such as login credentials and personal details, which the attackers could then steal.

Additional examples included:

  • Adidas: adidasyeezy[.]co[.]no, adidassamba[.]com[.]mx, adidasyeezy[.]ro and adidas-predator[.]fr
  • LuluLemon: lululemons[.]ro
  • Hugo Boss: www[.]hugoboss-turkiye[.]com[.]tr, hugobosssrbija[.]net and www[.]hugoboss-colombia[.]com[.]co
  • Guess: www[.]guess-india[.]in
  • Ralph Lauren: www[.]ralphlaurenmexico[.]com[.]mx

PayPal Login Page – Credential Theft Example

We recently identified a malicious phishing webpage operating under the domain wallet-paypal[.]com, crafted to impersonate the PayPal brand. This fake site mimics PayPal’s login page, including the official logo, to deceive users. By creating a false sense of legitimacy, it lures victims into logging in or registering, ultimately stealing their personal and financial information.

Facebook Impersonation

In the last quarter of 2024, we identified a fraudulent website (svfacebook[.]click) designed to mimic the Facebook login page. The site prompted victims to enter personal information, such as their email and password. Although the domain is no longer resolving to an active webpage, it was recently created and had previously hosted multiple subdomains impersonating Facebook’s login page.
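
The domains quoted above share one pattern: a brand name embedded in a hostname the brand does not own. The following Python check for that pattern is an added example, not part of Check Point's report; the brand allowlist, the function names and the three control hostnames are assumptions made for illustration.

```python
"""Flag hostnames that embed a brand name but are not under that brand's own domain."""

# Assumption: each brand's own registrable domain (illustrative allowlist, not from the report).
OFFICIAL = {
    "nike": {"nike.com"}, "adidas": {"adidas.com"}, "lululemon": {"lululemon.com"},
    "hugoboss": {"hugoboss.com"}, "guess": {"guess.com"},
    "ralphlauren": {"ralphlauren.com"}, "paypal": {"paypal.com"},
    "facebook": {"facebook.com"},
}

# Domains quoted in the report, followed by three constructed control cases.
SAMPLES = [
    "nike-blazers[.]fr", "adidassamba[.]com[.]mx", "lululemons[.]ro",
    "www[.]hugoboss-turkiye[.]com[.]tr", "www[.]guess-india[.]in",
    "www[.]ralphlaurenmexico[.]com[.]mx", "wallet-paypal[.]com", "svfacebook[.]click",
    "www.paypal.com",            # constructed: legitimate subdomain of the brand
    "paypal.com.login.example",  # constructed: brand domain used as a subdomain prefix
    "example.org",               # constructed: unrelated hostname
]

def refang(indicator: str) -> str:
    """Turn a defanged indicator (nike-blazers[.]fr) into a plain lowercase hostname."""
    host = indicator.strip().lower().replace("[.]", ".")
    host = host.split("://", 1)[-1].split("/", 1)[0]  # drop scheme and path if present
    return host.rstrip(".")

def impersonated_brand(indicator: str):
    """Return the brand a hostname imitates, or None if it is official or unrelated."""
    host = refang(indicator)
    squashed = host.replace("-", "").replace(".", "")  # ignore separators inside the name
    for brand, domains in OFFICIAL.items():
        if brand not in squashed:
            continue
        if any(host == d or host.endswith("." + d) for d in domains):
            return None  # the brand's own domain, or a subdomain of it
        return brand     # brand keyword present, but the host is outside the allowlist
    return None

def scan(indicators):
    """Map each indicator to the imitated brand (or None)."""
    return {i: impersonated_brand(i) for i in indicators}

if __name__ == "__main__":
    for ind, brand in scan(SAMPLES).items():
        print(f"{ind:40} {'LOOKALIKE of ' + brand if brand else 'ok'}")
```

Substring matching on short or common words such as "guess" will produce false positives, so hits are leads for review rather than verdicts.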

With the consistent rise in phishing attempts targeting globally recognized brands, users must stay vigilant and proactive in adopting security best practices. Installing updated security software, recognizing red flags in unsolicited communications, and avoiding interactions with suspicious websites can significantly reduce the risk of falling victim to phishing schemes.
