DHL Takes Top Spot as Most Imitated Brand in Phishing Attacks

For the last quarter of 2021, DHL overtook Microsoft as the most impersonated brand in phishing campaigns, according to Check Point Research.

Phishing attacks often impersonate a popular brand or product to try to trick people into falling for their scams. But the most exploited brands change based on news events, time of year and other factors. A report released Monday by cyber threat intelligence provider Check Point Research reveals how and why international shipping company DHL was the most impersonated brand in phishing campaigns at the end of 2021.

For the last quarter of 2021, DHL took the top spot from Microsoft as the most impersonated brand by cybercriminals using phishing tactics. For the quarter, DHL was spoofed in 23% of all brand phishing attempts, compared to just 9% in the previous quarter of the year. Meanwhile, Microsoft appeared in 20% of all attempts, up from 23% in the prior quarter.

While Microsoft is always a popular target in phishing attacks, DHL took the top spot last quarter due to seasonal reasons. Specifically, the holiday shopping season prompted more consumers to ship items globally, especially as the pandemic continued to pose a threat. This factor also explains why FedEx joined the list of the top 10 most spoofed brands, appearing in 3% of all phishing attempts.

“This quarter, for the first time, we saw global logistics company DHL top the charts as the brand most likely to be copied, likely to capitalize on the growing number of potentially vulnerable new online shoppers during the retail time of the year,” said Omer Dembinsky, data research group leader at Check Point Software.

“Older users in particular, who are less likely to be as technologically savvy as younger generations, will be shopping online for the first time and may not know what to look for when it comes to things like delivery confirmation emails or tracking updates,” Dembinsky added. “Additionally, the rise in COVID cases is making people more reliant on the shipping service, and cybercriminals are likely trying to capitalize on people choosing to stay indoors more.”

Besides DHL, Microsoft and FedEx, other brands that made the list included WhatsApp in 11% of phishing attempts, Google in 10%, LinkedIn in 8%, Amazon in 4%, Roblox in 3%, PayPal in 2% and Apple in 2%. WhatsApp’s presence in third place showed that social media apps continue to be a prime target for phishing scams.

Among the specific phishing emails checked by Check Point, one used DHL Customer Support as the sender name and contained the subject line “DHL Shipment Notification: xxxxxxxxxx Out for delivery for 15 Dec 21”. Claiming that the victim was to receive a package, the attacker tried to trick the recipient into clicking on a malicious link to a fake DHL webpage in order to steal their email address and password.


In a FedEx impersonation campaign, the phishing email used a forged address of [email protected] with the subject “Bill of Lading-PL/CI/BL-Documents arrival”. The message asked the recipient to download a file named “shipping document..rar”. If extracted, the file would infect the computer with the Snake Keylogger malware, which would then attempt to steal the person’s account credentials.


In a campaign spotted in November, a phishing email was sent by a spoofed PayPal service name with the subject line “Confirm your PayPal account (Case ID #XX XXXXXXXXXX)”. A malicious link in the message directed the recipient to a PayPal login page posing as the real site. The user was prompted to log in with their PayPal credentials, which were later captured by the attacker.
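The three campaigns above share indicators a mail filter can check mechanically: a brand named in the sender display name or subject while the sending domain is not the brand's, and an archive attachment with a doubled dot in its name. The following triage sketch is an added example, not code from Check Point or TechRepublic; the brand allow-list, the `.example` sender addresses and the sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.message import EmailMessage
from email.utils import parseaddr

# Assumption: illustrative allow-list of each brand's sending domains.
BRAND_DOMAINS = {"dhl": {"dhl.com"}, "fedex": {"fedex.com"}, "paypal": {"paypal.com"}}
ARCHIVE_EXTS = (".rar", ".zip", ".7z", ".iso")

def triage(raw):
    """Return a list of findings for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    host = addr.rpartition("@")[2].lower()
    text = f"{display} {msg.get('Subject', '')}".lower()
    findings = []
    # Brand named in display name or subject, but sender domain is not the brand's.
    for brand, domains in BRAND_DOMAINS.items():
        on_brand = any(host == d or host.endswith("." + d) for d in domains)
        if re.search(rf"\b{brand}\b", text) and not on_brand:
            findings.append(f"brand-mismatch:{brand}:{host}")
    # Archive attachments, with an extra flag for a doubled dot in the name.
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name.endswith(ARCHIVE_EXTS):
            findings.append(f"archive-attachment:{name}")
            if ".." in name:
                findings.append(f"double-dot-name:{name}")
    return findings

def _sample(sender, subject, attachment=None):
    """Build a constructed test message (not a captured phishing email)."""
    m = EmailMessage()
    m["From"], m["Subject"] = sender, subject
    m.set_content("constructed body")
    if attachment:
        m.add_attachment(b"\x00", maintype="application",
                         subtype="octet-stream", filename=attachment)
    return m.as_string()

# Constructed samples modelled on the subjects and file name quoted in the article.
SAMPLES = {
    "dhl": _sample("DHL Customer Support <notice@parcel-updates.example>",
                   "DHL Shipment Notification: xxxxxxxxxx Out for delivery for 15 Dec 21"),
    "fedex": _sample("FedEx <billing@fedex.com>",
                     "Bill of Lading-PL/CI/BL-Documents arrival", "shipping document..rar"),
    "paypal": _sample("PayPal Service <verify@account-check.example>",
                      "Confirm your PayPal account (Case ID #XX XXXXXXXXXX)"),
    "legit": _sample("DHL Express <noreply@dhl.com>", "Your shipment is on its way"),
}
```

The constructed FedEx sample forges the brand's own domain in `From`, so only the attachment checks fire; catching that kind of forgery depends on SPF, DKIM and DMARC results, which this sketch does not evaluate.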


“Unfortunately, brands like DHL, Microsoft, and WhatsApp, which are the top 3 most-imitated brands in Q4, can’t do much to combat phishing attempts,” Dembinsky said. “It’s too easy for the human element to overlook things like misspelled domains, typos, incorrect dates, or other suspicious details, and that’s what opens the door to further damage. We urge all users to be very mindful of these details when dealing with companies like DHL in the coming months.”
