Check Point Research (CPR), the Threat Intelligence division of Check Point Software, has published its Brand Phishing Report for the fourth quarter of 2023.
The report highlights the brands most frequently imitated by cybercriminals in their attempts to steal personal data or credentials from individuals’ financial institutions during October, November, and December 2023.
In the fourth quarter of 2023, Microsoft took first place as the most impersonated brand, accounting for 33% of all brand phishing attempts.
The technology sector stood out as the most targeted overall, with Amazon claiming the second spot at 9%, and Google in third at 8%.
Social networks and the banking sector represented the other two most targeted sectors in the Brand Phishing Top 10.
To wrap up the list of top brands, consumer spending associated with the year-end holiday season led cybercriminals to continue targeting retail and delivery companies in the fourth quarter of 2023.
The widely recognized parcel delivery brand DHL entered the Top 10, possibly due to increased shopping activity since November (Black Friday), while Amazon’s ranking could be attributed largely to its annual Amazon Prime Day promotion scheduled during the second week of October.
“We bid farewell to 2023, but one threat continued to accompany us into this new year: the danger of phishing. Even cybercriminals with limited IT skills can accurately impersonate legitimate brands to deceive unsuspecting users and consumers and conduct social engineering attacks,” says Omer Dembinsky, Manager of the Check Point Software Data Research Group.
“With the widespread use of Artificial Intelligence (AI), we can expect an increase this year in the volume of phishing campaigns that are even more indistinguishable from legitimate company communications. As major technology brands, social networks, and banks continue to be imitated, end-users need to pay extra attention when interacting with emails claiming to be from a trusted brand,” warns Dembinsky.
Below are the Top 10 brands ranked by identification in brand phishing events and campaigns during the fourth quarter of 2023:
The Check Point Research (CPR) team identified a fake email posing as Microsoft’s account team.
The email text claimed to require email address verification and asked recipients to click on a verification link.
The email’s subject line read “Microsoft: Verify your email address,” aiming to create a sense of urgency. The included phishing link in the email was:
This link is not associated with Microsoft. The email asked recipients to verify their email addresses and could potentially lead to fraudulent activities.
The CPR research team identified a fake email pretending to be from Apple, sent from the address “blake[@]borderpfoten[.]de.”
This email purported to alert recipients that the storage in their Apple account was nearly full. The fake email’s subject line was “{Recipient’s name} Your Apple storage is almost full!!”, personalized with the recipient’s name to create a sense of urgency.
The email included a malicious link, “ktraks[.]futurwatt[.]com/ga/click/,” which is currently inactive.
This link is not associated with Apple. The email asked recipients to fix the storage issue by clicking the link, which could lead to fraudulent activities.
The best defense is to be aware of the telltale signs of a phishing message. It’s crucial to be even more attentive now, as with the increasing adoption of AI, it’s no longer sufficient to look for words with spelling and grammar errors.
Here are the key indicators for identifying phishing: