Check Point Research (CPR) recently published its latest Brand Phishing Report, examining which brands were most impersonated in phishing attacks during the fourth quarter of 2023. These attacks aim to capture personal information and banking details by pretending to be a trusted person or organization.
In the last quarter, Microsoft returned as the most impersonated brand, accounting for 33 percent of all phishing attempts. Major technology companies dominated the list, with Amazon in second place at 9 percent and Google third at 8 percent. Notably, it wasn’t only familiar social media platforms and banks that were targeted; courier services such as DHL also appeared on the list, likely driven by increased parcel activity during the year-end period.
The top brands most abused in phishing attacks during Q4 2023 are listed below:
- Microsoft (33%)
- Amazon (9%)
- Google (8%)
- Apple (4%)
- Wells Fargo (3%)
- LinkedIn (3%)
- Home Depot (3%)
- Facebook (3%)
- Netflix (2%)
- DHL (2%)
A typical Microsoft-branded phishing campaign usually involves an email claiming to be connected to Microsoft user accounts. Recipients are urged to click a link to verify their email address so they can continue using Microsoft services. Those links, however, lead to counterfeit pages rather than official sites and are designed to harvest sensitive credentials.
Mats Ekdahl, a security expert at Check Point Software, emphasizes the importance of vigilance to avoid becoming a victim of these scams. He advises users to carefully inspect email text, hyperlinks, and sender addresses for spelling mistakes or anomalies. Organizations can further reduce risk by deploying robust security technologies that detect and block phishing attempts, limiting the chance that employees will be tricked. Maintaining a critical mindset and verifying links before clicking are essential practices to prevent attacks and preserve a secure digital environment.