Brand Phishing: Microsoft in first place

March 13, 2025
| No comments
Advertising

Share post

The trend toward brand phishing to steal personal credentials and information continues unabated. In the last quarter of 2024, the most frequently counterfeited brands came from the technology sector. There are also counterfeits from PayPal, Facebook, Nike, Adidas, and various luxury brands.

Check Point Research (CPR) has released its latest Brand Phishing Ranking for Q4 2024. In the fourth quarter, Microsoft remained the most frequently imitated brand at 32 percent. Apple maintained second place with 12 percent, while Google retained its third place with 12 percent, but a slightly lower value at the decimal point. LinkedIn reappeared at number four on the list after a brief absence. The technology sector emerged as the most frequently imitated industry, followed by social networks and retail.

Advertising

Omer Dembinsky, Data Group Manager at Check Point Software, commented: "The persistence of brand phishing attacks underscores the importance of user education and advanced security measures. Verifying email sources, avoiding unknown links, and enabling multi-factor authentication (MFA) are critical steps to protect personal and financial data from ever-evolving threats."

Top Brand Phishing Brands

Below are the top 10 brands, ranked by their total share of phishing attacks in the fourth quarter of 2024:

Advertising

Subscribe to our newsletter now

Read the best news from B2B CYBER SECURITY once a month



By clicking on "Register" I agree to the processing and use of my data in accordance with the declaration of consent (please open for details). I can find more information in our Privacy Policy. After registering, you will first receive a confirmation email so that no other person can order something you don't want.
Expand for details on your consent
It goes without saying that we handle your personal data responsibly. If we collect personal data from you, we process it in compliance with the applicable data protection regulations. Detailed information can be found in our Privacy Policy. You can unsubscribe from the newsletter at any time. You will find a corresponding link in the newsletter. After you have unsubscribed, your data will be deleted as soon as possible. Recovery is not possible. If you would like to receive the newsletter again, simply order it again. Do the same if you want to use a different email address for your newsletter. If you would like to receive the newsletter offered on the website, we need an e-mail address from you as well as information that allows us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter. Further data is not collected or only collected on a voluntary basis. We use newsletter service providers, which are described below, to process the newsletter.

CleverReach

This website uses CleverReach to send newsletters. The provider is CleverReach GmbH & Co. KG, Schafjückenweg 2, 26180 Rastede, Germany (hereinafter “CleverReach”). CleverReach is a service that can be used to organize and analyze the sending of newsletters. The data you enter for the purpose of subscribing to the newsletter (e.g. email address) will be stored on the CleverReach servers in Germany or Ireland. Our newsletters sent with CleverReach enable us to analyze the behavior of the newsletter recipients. This can include It is analyzed how many recipients have opened the newsletter message and how often which link in the newsletter was clicked. With the help of so-called conversion tracking, it can also be analyzed whether a previously defined action (e.g. purchase of a product on this website) took place after clicking on the link in the newsletter. Further information on data analysis by CleverReach newsletter is available at: https://www.cleverreach.com/de/funktionen/reporting-und-tracking/. The data processing takes place on the basis of your consent (Art. 6 Para. 1 lit. a DSGVO). You can revoke this consent at any time by unsubscribing from the newsletter. The legality of the data processing operations that have already taken place remains unaffected by the revocation. If you do not want an analysis by CleverReach, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in every newsletter message. The data you have stored with us for the purpose of subscribing to the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and deleted from the newsletter distribution list after you have canceled the newsletter. Data stored by us for other purposes remain unaffected. After you have been removed from the newsletter distribution list, your e-mail address may be stored by us or the newsletter service provider in a blacklist if this is necessary to prevent future mailings. The data from the blacklist is only used for this purpose and is not merged with other data. This serves both your interest and our interest in complying with the legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR). Storage in the blacklist is not limited in time. You may object to the storage if your interests outweigh our legitimate interest. For more information, see the privacy policy of CleverReach at: https://www.cleverreach.com/de/datenschutz/.

Data processing

We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract mandated by data privacy laws that guarantees that they process personal data of our website visitors only based on our instructions and in compliance with the GDPR.
  • Microsoft – 32%
  • Apple – 12%
  • Google – 12%
  • LinkedIn – 11%
  • Alibaba – 4%
  • WhatsApp – 2%
  • Amazon – 2%
  • Twitter – 2%
  • Facebook – 2%
  • Adobe – 1%

Fake domains from Nike, Adidas, Hugo Boss and Ralph Lauren

During the holiday season, several phishing campaigns targeted shoppers by imitating the websites of well-known clothing brands. For example, domains such as nike-blazers[.]fr, nike-blazer[.]fr, and nike-air-max[.]fr were designed to trick users into believing they were official Nike platforms (see Figure 1). These fraudulent websites mimic the brand's logo and lure victims into purchasing with unrealistically low prices. Their goal is to trick users into disclosing sensitive information such as login credentials and personal details so that the hackers can steal their data.

Further examples including fake domains are:

  • Figure 1: Fake Nike and LuluLemon websites advertise with photos of existing stores. (Source: Check Point Software Technologies Inc.)

    🔎Fake websites for Nike and LuluLemon advertise with photos of existing stores. (Source: Check Point Software Technologies Inc.)

    Adidas – adidasyeezy[.]co[.]no, adidassamba[.]com[.]mx, adidasyeezy[.]ro and adidas-predator[.]fr

  • LuluLemon – lululemons[.]ro (see image)
  • Hugo Boss – www[.]hugoboss-turkiye[.]com[.]tr, hugobosssrbija[.]net and www[.]hugoboss-colombia[.]com[.]co
  • Guess – www[.]erraten-indien[.]in
  • Ralph Lauren – www[.]ralphlaurenmexico[.]com[.]mx

Fake PayPal login page to steal login data

Figure 2: PayPal: Phishing page (left), original login page (right). (Source: Check Point Software Technologies Inc.)

🔎PayPal: Phishing page (left), original login page (right). (Source: Check Point Software Technologies Inc.)

CPR has also identified a malicious phishing website impersonating the well-known online payment service provider PayPal under the domain wallet-paypal[.]com (see image). This fake website imitates the PayPal login page, including the official logo, to deceive users. By creating a false sense of legitimacy, victims are tricked into logging in or registering, after which their personal information is harvested.

Facebook identification

In the last quarter of 2024, CPR identified a fraudulent website (svfacebook[.]click) designed to mimic the Facebook login page. It prompted victims to enter personal information such as their email address and password. Although the domain no longer points to an active website, it was recently created and had previously hosted several subdomains mimicking the Facebook login page.

Given the ever-increasing number of phishing attempts targeting globally recognized brands, users must remain vigilant and proactively apply security best practices. Installing up-to-date security software, recognizing suspicious patterns in unsolicited messages and emails, and avoiding interactions with suspicious websites can significantly reduce the risk of falling victim to phishing attempts.

More at CheckPoint.com

 

About check point

Check Point Software Technologies GmbH (www.checkpoint.com/de) is a leading provider of cybersecurity solutions for public administrations and companies worldwide. The solutions protect customers from cyberattacks with an industry leading detection rate for malware, ransomware and other types of attacks. Check Point offers a multi-level security architecture that protects company information in cloud environments, networks and on mobile devices, as well as the most comprehensive and intuitive “one point of control” security management system. Check Point protects over 100.000 businesses of all sizes.

 

Matching articles on the topic

Sophisticated Phishing-as-a-Service (PhaaS) platform

Security researchers have uncovered a sophisticated Phishing-as-a-Service (PhaaS) platform that poses a serious threat to organizations around the world. The threat actor ➡ Read more

PDFs: The Trojan Horses of Hackers

Cybercriminals are increasingly using the popular PDF file format to hide malicious code. Recent IT forensics findings underscore this: 68 ➡ Read more

Maximum IT security for OT systems

OT systems are rarely attacked directly. However, gaps and vulnerabilities in traditional IT make OT systems more vulnerable to attacks. ➡ Read more

IT resilience: cybersecurity at the storage level

More data security features for greater IT resilience at the storage level: Cyber ​​security managers can pursue a proactive data security approach at the storage level with highly secure NetApp storage and thus ➡ Read more

Algorithms for post-quantum cryptography

A provider of IT security solutions introduces Quantum Protect, a post-quantum cryptography application suite for its u.trust General Purpose Hardware Security Modules (HSMs) ➡ Read more

Power grid threat: security gaps in solar systems

A cybersecurity solutions provider published its research report “SUN:DOWN – Destabilizing the Grid via Orchestrated Exploitation of Solar Power Systems”, which ➡ Read more

Cloud and SaaS security is inadequate

A recent study shows that companies' security strategies are failing to keep pace with the rapid adoption of cloud-native technologies. 28 ➡ Read more

OT environments: Detect and assess threats

Enterprises with limited resources can identify, assess, and make informed decisions about threats in OT environments with a comprehensive endpoint protection solution. ➡ Read more

PR News
, , , , , , ,