Microsoft Most Impersonated Brand in Phishing Scams

Written by

Microsoft was impersonated in 38% of all brand phishing attacks in Q1 2024, according to new data from Check Point.

This is an increase on the proportion of brand phishing attempts impersonating the tech giant compared to Q4 2023, when it made up 33% of cases.

Google was the second most impersonated brand in Q1 2024, making up 11% of attempts. This was an increase of three percentage points compared to Q4 2023.

There was a marked decrease in the proportion of phishing attacks impersonating Amazon in Q1 2024 compared to the previous quarter, falling from 9% to 3%.

The researchers said the findings demonstrate how cybercriminals continuously evolve their phishing lures according to various factors. For example, attempts using LinkedIn as a lure rose from 3% in Q4 2023 to 11% Q1 2024, which could be linked to increased job hunting in the New Year.

Airbnb made its debut in the top 10 most impersonated brands list in Q1 2024, with 1% of attempts. Check Point researchers believe this climb is likely influenced by the Easter travel season.

“The seasonal surge in vacation planning could have amplified Airbnb’s visibility and appeal, particularly among travelers seeking unique accommodations,” they wrote.

The technology sector remained the most impersonated industry in brand phishing, which is likely due to their widespread usage in corporate and remote work environments.

Read here: Dropbox Used to Steal Credentials and Bypass MFA in Novel Phishing Campaign

Top 10 Brands Impersonated in Phishing Scams Q1 2024

  1. Microsoft (38%)
  2. Google (11%)
  3. LinkedIn (11%)
  4. Apple (5%)
  5. DHL (5%)
  6. Amazon (3%)
  7. Facebook (2%)
  8. Roblox (2%)
  9. Wells Fargo (2%)
  10. Airbnb (1%)

Phishing Attacks Increasingly Sophisticated

Check Point also observed several novel phishing campaigns during Q1 2024, which are particularly challenging to detect.

In one campaign that impersonated Microsoft, threat actors utilized a variety of false email subjects and sender identities to deceive recipients.

The deceptive emails included subjects such as “Message Failure Delivery Notice,” “Outlook Info Replacement,” and “Please Complete: Invoice from DocuSign Electronic Signature Service.”

The emails contained a link, which if clicked, took recipients to a phishing website that resembles a typical Outlook login page. 

Screenshot of phishing website impersonating Outlook login page. Source: Check Point
Screenshot of phishing website impersonating Outlook login page. Source: Check Point

This page aimed to trick targets into providing their log in credentials, posing a major security risk for organizations.

The researchers commented: “In light of the persistent threat posed by brand impersonation, it is imperative for users to maintain a heightened level of vigilance and exercise caution when engaging with emails or messages purportedly from trusted brands.

“By remaining vigilant and adopting proactive cybersecurity practices, individuals can mitigate the risk of falling victim to cybercriminal tactics.”

Image credit: Hadrian /

What’s hot on Infosecurity Magazine?