Check Point Research (CPR), the Threat Intelligence arm of Check Point Software Technologies Ltd. (NASDAQ: CHKP) and a leading provider of cyber security solutions globally, has published its Brand Phishing Report for Q4 2023.
The report highlights the brands that were most frequently imitated by cybercriminals in their attempts to steal individuals’ personal information or payment credentials during October, November and December 2023.
Last quarter, Microsoft claimed the top spot as the number one most impersonated brand, accounting for 33% of all brand phishing attempts.
The technology sector stood out as the most targeted industry overall, with Amazon securing second place with 9% and Google in third on 8%. Social networks and banking represented the other two most targeted industries.
Consumer spending associated with the festive period saw cybercriminals continue to target retailers and couriers in Q4 2023.
The widely recognized package delivery brand DHL moved into the top ten, possibly due to increased activity during the November shopping month, while Amazon’s ranking can largely be attributed to the annual Amazon Fall Prime Day sale that was scheduled during the second week of October.
“While we have said goodbye to 2023, one thing has followed us into the new year and that is the threat of phishing. Even cybercriminals with limited IT expertise can accurately mimic legitimate brands to deceive unsuspecting customers and carry out social engineering attacks” said Omer Dembinsky, Data Group Manager at Check Point Software.
“Following the widespread use of AI, we can expect to see a higher volume of phishing campaigns this year that are even more indistinguishable from genuine company communications. As the biggest names in technology, social networking and banking continue to be imitated, end users need to be extra vigilant when engaging with emails claiming to be from a reputable brand.”
Top Phishing brands
Below are the top 10 brands ranked by their overall appearance in brand phishing events during Q4 2023:
- Microsoft (33%)
- Amazon (9%)
- Google (8%)
- Apple (4%)
- Wells Fargo (3%)
- LinkedIn (3%)
- Home Depot (3%)
- Facebook (3%)
- Netflix (2%)
- DHL (2%)
Microsoft Phishing Email – Email Verification Scam
This deceptive email, posing as the Microsoft account team, claimed to require email address verification and urged recipients to click a verification link. It featured a subject line “Microsoft: Verify your email address” aiming to create a sense of urgency. The phishing link included in the email was: “cloudflare-ipfs[.]com/ipfs/bafybeigjhhhd64vhna67panxz6myhaelya6vphjbic65jog5hvm4mmgpum”.
This link is not associated with Microsoft. The email requested recipients to verify their email address and may potentially lead to fraudulent activities.
Apple Phishing Email – Storage Limit Alert Scam
This deceptive email, posing as Apple, sent from the address “blake@borderpfoten[.]de”, claimed to alert recipients about nearly full storage in their Apple account. The subject line “{The name of the victim} Your Apple Storage is Almost Full!!” (Original: Din Apple Lagring er Næsten Fuld!!) added a personalized touch to create a sense of urgency.
The email included a malicious link: “ktraks[.]futurwatt.com/ga/click/”, which is currently inactive. This link is not associated with Apple.
The email urged recipients to address the storage issue by clicking inactive link, potentially leading to fraudulent activities.
[Featured Image Credit]
Comments 2