Phishing scams hit new highs during the holiday season—here’s how scammers exploit trusted brands and how you can stay safe.
The rise of brand impersonation in Q4 2024
As 2024 wrapped up, scammers took full advantage of the holiday season to exploit our trust in well-known brands. Guardio’s latest research shows a staggering rise in brand impersonations, with USPS reclaiming its spot as the most imitated brand. This surge in fake USPS sites demonstrates how scammers adapt their tactics to prey on shoppers looking for Black Friday deals and gifts for family and friends.
In Q4 alone, USPS phishing attempts accounted for 16.6% of all brand impersonations, more than double that of Facebook, the second-most imitated brand.
Top 10 most imitated brands in Q4 2024
| USPS | 16.6% |
| Facebook (Meta) | 7.5% |
| Microsoft | 7.3% |
| Steam | 6.8% |
| Roblox | 3.7% |
| AT&T | 3.4% |
| Coinbase | 3.2% |
| 2.9% | |
| Telegram | 2.7% |
| Netflix | 1.7% |
Changes in the top 10 from last quarter
This quarter, we saw Telegram return to the top 10, with DHL falling from the list, most likely an indirect result of an increase in USPS phishing.
USPS: The prime target for scammers
USPS phishing scams skyrocketed in Q4, marking a dramatic increase in their share of total brand impersonations compared to previous quarters:
- Q1 2024: 11.6%
- Q2 2024: 6.3%
- Q3 2024: 7.0%
- Q4 2024: 16.6%
This spike aligns with the holiday shopping season, where online orders and package deliveries hit peak levels. Scammers take advantage of this frenzy, sending fake USPS texts and emails claiming issues with delivery. These messages direct victims to phishing sites designed to steal personal information, such as login credentials and credit card details.
Breaking down the top four brands
- USPS (16.6%): Fake delivery notifications request “small fees” or verification details, leading users to phishing sites or malware downloads.
2. Facebook (7.5%): Meta scams often claim account restrictions, urging users to log in through fraudulent links.
3. Microsoft (7.3%): Phishers impersonate Microsoft support, alleging account issues and tricking users into clicking harmful links.
4. Steam (6.8%): Gamers are targeted with fake account warnings or payment errors, luring them to counterfeit login pages.
AI tools and sora scams: The new frontier
The rise of AI tools like ChatGPT has given scammers new bait. Fake sites promising free access to premium AI tools contain malware designed to compromise devices.
Similarly, a wave of scams centered around Sora, an emerging AI platform, has emerged. Cybercriminals mimic Sora’s branding to deliver phishing emails and counterfeit apps that steal user data.
Holiday shopping scams: A seasonal threat
Between September and November 2024, Guardio blocked twice as many fake text messages as in previous months, many tied to holiday shopping. These scams include:
- Fake discounts: Promising unbeatable deals to lure victims into entering payment information on phishing sites.
- Order confirmation scams: Posing as trusted retailers, scammers send fake receipts or order updates to collect sensitive data.
Travel Scams Surge: TSA Pre-Check Fraud
Travel-related scams also peaked during Q4. Phishers created fake TSA Pre-Check renewal sites and used AI-generated emails mimicking TSA communication. These fraudulent schemes aim to extract payment information and personal details from unsuspecting travelers.
Staying Ahead of the Scammers
The holiday season might be over, but cyber threats aren’t going anywhere. By staying vigilant and relying on trusted security tools, you can outsmart the scammers and keep your personal information safe. Here are some quick tips to protect yourself:
- Verify links: Hover over URLs in emails or texts before clicking to check their legitimacy.
- Be cautious of urgency: Scammers often pressure victims into quick decisions—take a moment to verify the message.
- Use security tools: The truth is that the human eye is no longer enough to spot these sophisticated scams. Comprehensive security solutions like Guardio can block malicious sites and emails, scam texts, and other phishing attacks before they reach you.
About Guardio: Guardio offers everything you need to stay safe across all your devices. With tools that block phishing attacks, malware, and more, Guardio can protect you from scams and identity theft, no matter where you browse, shop, or explore the internet. Trusted by over 1.5 million customers, Guardio continues to provide leading-edge protection for the modern internet user.
Related articles:
- How to Protect Yourself Against Phishing Scams
- Avoiding Fraud When Shopping Online
- Top Social Media Scams to Avoid
- What are Pretexting Scams
- The Latest Instagram Phishing Scam: Copyright Infringement Warning
