Oct 24^th — The latest Brand Phishing Report from Check Point Software highlights which brands were most frequently imitated by cyber criminals during July, August and September of 2022. The report indicates that the shipping company known as DHL was imitated with the greatest frequency during the specified time period.

DHL shipping attacks

According to researchers, shipping is one of the top industry sectors for brand phishing, second only to technology. As we head into the busiest retail period of the year, experts will continue to monitor shipping-related scams, as hackers will likely increase their attempts to trick online shoppers.

More information

• During Q3, cyber attackers imitated DHL in 22% of all phishing attempts worldwide.
• In terms of Q3 numbers, Microsoft is in second place. Phishers leveraged the Microsoft brand in 16% of attacks.
• 11% of phishing scams involved LinkedIn impersonations during Q3, a drop from 52% during Q1.

Instagram also appeared on the top ten list for the first time this quarter, following a ‘blue-badge’ related phishing campaign that was reported in September.

Brand phishing explained

Phishing is the most common type of ‘social engineering’; a general term describing attempts to manipulate or trick people into divulging information to cyber criminals, or downloading malware, among other things. It is an increasingly common threat vector used in many security incidents.

In a brand phishing attack, criminals try to imitate the official website of a well-known brand by using a similar URL and web-page design to the effectively create a clone of the site. The link to the cloned website can be sent to targeted individuals by email or SMS, a user can be redirected during web browsing, or it may be triggered via a fraudulent mobile application. The fake website often contains a form intended to steal users’ credentials, payment details or other personal information.

Top phishing brands in Q3 2022

Below are the top brands ranked by their overall appearance in brand phishing attempts:

1. DHL (related to 22% of all phishing attacks globally)
2. Microsoft (16%)
3. LinkedIn (11%)
4. Google (6%)
5. Netflix (5%)
6. WeTransfer (5%)
7. Walmart (5%)
8. Whatsapp (4%)
9. HSBC (4%)
10. Instagram (3%)

Summary

As always, we encourage users to be cautious when divulging personal data and credentials to business applications or websites, and to think twice before opening email attachments or links, especially emails that claim to be from companies such as DHL, Microsoft or LinkedIn, as they are the most likely to be impersonated.

Get the full story here. Lastly, get best-in-class interviews, real-world reports and so much more delivered to your inbox each week – subscribe to the CyberTalk.org newsletter.