In the last quarter, phishing attacks have increasingly mimicked major tech giants and social networks — companies that consumers know, trust, and rely on. Microsoft led as the most impersonated brand, comprising a staggering 32% of all phishing attempts, with Apple (12%) and Google (12%) following in second place. Moreover, LinkedIn reentered the list at fourth place, highlighting the persistent threats faced by technology and social network brands alike.

Here is a look at the top 10 companies that cybercriminals impersonated in Q4 2024:

• Microsoft: 32%

• Apple: 12%

• Google: 12%

• LinkedIn: 11%

• Alibaba: 4%

• WhatsApp: 2%

• Amazon: 2%

• Twitter: 2%

• Facebook: 2%

• Adobe: 1%

Cybercriminals understand that users are more likely to let their guard down when interacting with a company that plays a key role in their daily workflow or personal life, making these companies ideal disguises for phishing schemes that trick users into disclosing personal or financial details. As mentioned in our Holiday Cybersecurity Guide, phishing attacks also surged during the holiday season as cybercriminals posed as popular retail brands like Adidas, Lululemon, Hugo Boss, Guess, and Ralph Lauren. Fraudulent domains mimicking official websites offered fake discounts to deceive shoppers, leading to stolen login credentials and personal information.  Fortunately, fraudulent domains can often be identified if employees are trained to carefully scrutinize URLs. Recent attacks provide clear examples of common deceptive tactics such as spelling errors, altered brand names, suspicious subdomains, and unusual domain extensions.  

• lululemons[.]ro

• wallet-paypal[.]com

• svfacebook[.]click

• adidasyeezy[.]co[.]no

The surge in volume and sophistication of these attacks underscores the critical need for robust cybersecurity measures and user education. Verifying email sources, avoiding unfamiliar links, and implementing multi-factor authentication (MFA) are just a few of the crucial steps to defend against evolving threats. Businesses must stay vigilant by:

• Installing and maintaining up-to-date security software.

• Educating employees on recognizing phishing red flags.

• Using AI-Driven analytics to block malicious emails before they reach you.  

Luckily, Lightspeed Solutions offers all the above! Our new-school security awareness training equips each member of your organization with an essential defense toolkit against phishing and social engineering attacks, strengthening your security culture and reducing the daily human error risk that causes 90% of US data breaches. Contact us today to secure your organization.