Brand phishing attacks surge in Q1’24, Microsoft and Google top the chart

Global technology majors Microsoft and Google were the most frequently impersonated brands in phishing attacks during the first quarter of 2024, according to a report from cyber security firm Check Point.

In a brand phishing attack, criminals fake the official website of a well-known brand by using a similar domain name or URL and web page design. The phishing link will be sent to targeted individuals by email or text message, tricking them to open the link and share their personally identifiable information and financial credentials. The fake website often contains a form intended to steal such personal information.

Microsoft-themed phishing attempts accounted for 38% of attacks in Q1 2024, while Google came in at a distant second with 11%. Notably, phishing attacks impersonating vacation rental company Airbnb have spiked over the past few weeks.

The technology sector remained the most impersonated industry in brand phishing, which is likely due to their widespread usage in corporate and remote work environments. In many cases, they are used with the employee’s internal credentials, and their exposure poses an even larger risk than the disclosure of an individual’s details used in social media, shipping, or banking platforms, the report shows.

“The Technology sector remained unchanged as the most impersonated industry in brand phishing, followed by Social Networks and Banking,” Check Point said.

Airbnb, the hospitality aggregating firm, appears in the list for the first time, figuring in one percent of attacks. “This shows the adaptability of cybercriminals in their choice of imitated brands,” the report said.

The top-10 ranking includes Apple (5%); DHL (5%); Amazon (3%); Facebook (2%); Roblox (2%); and Wells Fargo (2%).

Check Point also observed several novel phishing campaigns during Q1 2024, which are particularly challenging to detect. In one campaign that impersonated Microsoft, threat actors utilized a variety of false email subjects and sender identities to deceive recipients.

The deceptive emails included subjects such as “Message Failure Delivery Notice,” “Outlook Info Replacement,” and “Please Complete Invoice from DocuSign Electronic Signature Service.”

The emails contained a link, which if clicked, took recipients to a phishing website that resembles a typical Outlook login page.

Check Point said, “In light of the persistent threat posed by brand impersonation, users must maintain heightened vigilance and exercise caution when engaging with emails or messages purportedly from trusted brands. By remaining vigilant and adopting proactive cybersecurity practices, individuals can mitigate the risk of falling victim to cybercriminal tactics.”

A new index developed by researchers from the University of Oxford, the University of New South Wales, Monash University, and Sciences Po earlier this month identified the countries that are the most significant sources of cybercriminal activity. The index was created by surveying 92 leading cybercrime experts worldwide.

India ranked 10th on the index, with Russia, China, Ukraine, and the U.S. topping the chart. Researchers also noted that cybercrime will cost the world around $9.22 trillion in 2024. This figure is expected to grow to $13.82 trillion by 2028, the report said.