Here is a ranking based on one cybersecurity firm’s own data and research.

According to one cybersecurity firm’s own metrics, 10 established firms were most popularly used by cybercriminals and scammers for “brand phishing” in the first quarter of this year.

The ranking highlights the brands most frequently imitated by cybercriminals in their attempts to deceive individuals and steal personal information or payment credentials. Examples of common Q1 phishing email headings include “Message Failure Delivery Notice”, “Annual Leave Compliance Report” and “Please Complete: Invoice from DocuSign Electronic Signature Service.”

At the top of the list was Microsoft, which continued to be the most abused name in phishing attacks, accounting for 38% of all brand phishing attempts recorded for ranking. Phishing emails commonly spoof the firm’s Outlook web login page to trick unwary visitors into providing real login credentials that could then be used by cybercriminals to take over Microsoft user accounts and other valuable data.

Next up was Google, capturing 11% of attempted brand phishing attacks, up slightly from its previous third-place position. LinkedIn saw a rise to third place, with 11% of popularity, marking a notable increase from the previous quarter’s ranking.

In terms of the industries most commonly used in phishing ploys, the technology sector remained top of list for Q1 2024, followed by the social networks and banking industries.

According to Omer Dembinsky, Data Group Manager, Check Point Software, the firm that publicized the rankings: “In light of the persistent threat posed by brand impersonation, it is imperative for users to maintain a heightened level of vigilance and exercise caution when engaging with emails or messages purportedly from trusted brands. By remaining vigilant and adopting proactive cybersecurity practices, individuals can mitigate the risk of falling victim to cybercriminal tactics.”