WhatsApp and Instagram are now among the top ten brands imitated by cybercriminals in their attempts to deceive individuals and steal personal information or payment credentials in Q2 2024, according to CheckPoint Research (CPR).
Microsoft has led this list for the last two quarters, accounting for more than half of all attempts, with 57 percent in the second quarter. Apple moved up to second place from fourth in the first quarter of 2024 with 10 percent. LinkedIn kept its previous third-place ranking with 7 percent of such attempts.
Google dropped from the second position in the last quarter to the fourth position with 6 percent, Facebook maintains the fifth position with 1.8 percent, and Amazon and DHL maintain the sixth (1.6 percent) and seventh (0.9 percent) positions, respectively.
WhatsApp, Instagram, and Adidas are new entrants on this list, occupying the ninth (0.8 percent), tenth (0.7 percent), and eighth (0.8 percent) positions, respectively. These brands are appearing on the list for the first time since 2022, indicating increasing appearances by cyber actors on the platforms.
Like last quarter, the technology actor remained the most impersonated industry in brand phishing, followed by social networks and the banking sector.
According to the research, “technology companies often hold sensitive information, including personal data, financial information, and access to other accounts, which makes them valuable targets for attackers.”
It added, “Companies such as Microsoft, Google, and Amazon, who all appeared on the list, deliver essential and frequently used services such as email, cloud storage, and online shopping. That means people are more likely to respond to messages that appear to be from these critical service providers.”
Omer Dembinsky, Data Group Manager at Check Point Software, stated, “Phishing attacks remain one of the most pervasive cyber threats and are often the entry point for much larger scale campaigns in a supply chain.”
Nigeria has one of the world’s largest WhatsApp user bases, with over 50 million active users. A large portion of the country’s adult population depends on the platform for communication and commerce.
Dembinsky advised that users should always verify the sender’s email address, avoid clicking on unsolicited links, and enable multi-factor authentication (MFA) on their accounts to protect against phishing attacks.
“Using security software and updating it can help detect and block phishing attempts,” Dembinsky added.
