Attackers are increasingly exploiting trusted enterprise and consumer brands to harvest credentials, which are subsequently used to gain initial access to accounts.
Recent data reveals that over half of password attacks targeting major brands aimed at stealing credentials were directed at Microsoft, Apple, Google, and Amazon. Alongside Meta, these accounts are among the most sought-after by cybercriminals.
A new report from Check Point indicates that in the last quarter, “Microsoft once again ranked as the most impersonated brand in phishing attacks, accounting for 22% of all brand phishing attempts.” This prevalence underscores attackers’ focus on credentials that can unlock enterprise access, cloud services, and identity platforms.
Google followed closely, accounting for 13% of phishing attempts, while Amazon secured the third position at 9%, driven by Black Friday and holiday sales, surpassing Apple. After a significant hiatus, Facebook (Meta) re-emerged in the top 10, landing in fifth place, signaling a renewed interest among attackers in social media account takeovers.
The top 10 list was completed by PayPal, Adobe, Booking.com, DHL, and LinkedIn; however, these five brands collectively represented only 8% of the attacks, significantly overshadowed by the top five, which accounted for 55%.
- Microsoft – 22%
- Google – 13%
- Amazon – 9%
- Apple – 8%
- Facebook (Meta) – 3%
- PayPal – 2%
- Adobe – 2%
- Booking – 2%
- DHL – 1%
- LinkedIn – 1%
All those leading technology brands offer account security upgrades that prevent hackers from gaining access to your account through phishing attacks and almost all other password-stealing campaigns and lures. If you have not added two-step verification and passkeys to all your key accounts, stop reading this article and go do that now.
You will find details on how to make those changes in your account settings in your app or via your usual web login. Do not use a search engine or an AI chatbot to find the right website to make changes. Those results are open to manipulation.
Within your account settings, look for security or password, or account login, or similar menu items. Making the changes is simple and takes just seconds.
One word of caution. When adding two-step verification (2SV), two-factor authentication (2FA), or multi-factor authentication (MFA), which are all the same thing, do not use SMS based codes if you don’t have to. Apps from major brands and blue-chip password managers will provide codes on your phone.
