Adidas, WhatsApp and Instagram reappear in the top 10 most impersonated brands in 2022. In addition, the technology sector remains the most affected, followed by social media and banking. Companies such as Microsoft, Google and Amazon provide essential and commonly used services such as email, cloud storage and online shopping. This increases the likelihood that people will respond to messages that appear to come from these essential service providers.

This is highlighted by Check Point Research in its Brand Phishing Report for the second quarter of 2024, where it identifies the brands most frequently counterfeited by cybercriminals in order to deceive users and steal personal information or payment credentials.

“Phishing attacks remain one of the most pervasive cyberthreats and are often the entry point for much larger-scale campaigns. To protect against phishing attacks, users should always verify the sender’s email address, avoid clicking on unsolicited links, and enable multi-factor authentication (MFA) on their accounts. Additionally, using security software and keeping it up to date can help detect and block phishing attempts,” said Omer Dembinsky, Group Data Manager at Check Point Software.

Adidas, WhatsApp and Instagram in the phishing top 10

Below are the top ten brands ranked by their global appearance in brand phishing attempts:

Adidas phishing campaign

Last quarter, Check Point Research observed several phishing campaigns targeting users by posing as Adidas brand websites.

For example, adidasyeezys(.)cz (Figure 1) and adidasyeezys(.)it (Figure 2) are designed to trick victims into believing that they are authentic Adidas Yeezy sites by closely mimicking the look and feel of the legitimate Adidas site at https://news.adidas.com/yeezy. These fraudulent sites aim to trick users into entering their credentials and personal information, leveraging their similarity to the genuine site to successfully steal information.

adidasoriginalss(.)fr no longer serves phishing content and instead hosts advertising.

Instagram phishing campaign

In Q2 2024, Check Point Research detected numerous phishing campaigns involving the Instagram brand, which has risen to tenth position on the list of top affected brands, its first appearance since 2022.

In recent months, CPR has identified phishing campaigns that impersonate Instagram to trick users into divulging their login credentials. One example is a phishing page hosted on instagram-nine-flame(.)vercel(.)app/login (Figure 1), which mimics the Instagram login interface. Hosted on Vercel, a platform for building React apps, this page asks users to enter their usernames and passwords.

Another observed campaign used the domain instagram-verify-account(.)tk (Figure 2). While it is now inactive, it previously displayed a message designed to trick users into entering personal information under the guise of verifying their Instagram accounts. The goal of such tactics is to exploit trust and trick users into compromising their credentials.
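The domains quoted above share one pattern: the brand name sits inside a hostname the brand does not own. A defensive check for that pattern follows, as an added example that is not from Check Point's report. The allowlist of official domains, the shared-hosting suffix set and all function names are assumptions made for illustration.

```python
import re

# Assumption: official registrable domains per brand (illustrative allowlist).
BRAND_DOMAINS = {
    "adidas": {"adidas.com"},
    "instagram": {"instagram.com"},
}
# Assumption: hosting suffixes where the customer-controlled label sits one
# level lower. A production check would use the full Public Suffix List.
SHARED_SUFFIXES = {"vercel.app"}


def refang(indicator: str) -> str:
    """Turn a defanged indicator like 'site(.)tk/login' into a bare hostname."""
    host = re.sub(r"[\[(]\.[\])]", ".", indicator.strip().lower())
    host = re.sub(r"^[a-z]+://", "", host)  # drops http://, https://, hxxp://
    return host.split("/")[0].split(":")[0].rstrip(".")


def registrable(host: str) -> str:
    """Return the part of the hostname that a single party registered."""
    labels = host.split(".")
    keep = 3 if ".".join(labels[-2:]) in SHARED_SUFFIXES else 2
    return ".".join(labels[-keep:])


def impersonated_brand(indicator: str):
    """Return the brand a hostname imitates, or None if nothing is flagged."""
    host = refang(indicator)
    owner = registrable(host)
    # Compare per label with hyphens removed, so 'insta-gram' still matches
    # but a brand name is never assembled across two labels.
    labels = [label.replace("-", "") for label in host.split(".")]
    for brand, official in BRAND_DOMAINS.items():
        if owner not in official and any(brand in label for label in labels):
            return brand
    return None


if __name__ == "__main__":
    # Indicators as quoted in the article, plus the legitimate Adidas URL.
    for item in ["adidasyeezys(.)cz", "adidasoriginalss(.)fr",
                 "instagram-nine-flame(.)vercel(.)app/login",
                 "instagram-verify-account(.)tk",
                 "https://news.adidas.com/yeezy"]:
        print(f"{item:45} -> {impersonated_brand(item)}")
```

Substring matching of this kind will also flag unrelated names that happen to contain a brand string, so a hit is a reason to review a domain, not proof of phishing.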