DHL most popular bait from phishing scammers
Check Point Research publishes the Q4 Brand Phishing Report, which shows which brands were abused by hackers to trick people into disclosing personal data
Check Point Research has published its Brand Phishing Report for the fourth quarter of 2021. The report highlights the brands most imitated by criminals in the months of October, November and December to steal personal data or payment information.
For the first time, the delivery service DHL took first place, replacing Microsoft. 23 Percent of all phishing attempts related to the global logistics and shipping company, compared to only 9 percent in the third quarter of 2021. Microsoft, which again topped the ranking with 29 percent of all phishing attempts in the third quarter, was only abused for 20 percent of phishing scams in the fourth quarter. DHL competitor FedEx also appeared in the top 10 list for the first time in the 4th quarter of 2021, which is undoubtedly due to the fact that the hackers tried to target online customers in the run-up to the Christmas season and due to the pandemic circumstances.
The most important phishing brands in the 4th quarter of 2021
The following are the brands listed according to their occurrence in phishing attempts:
- DHL (linked to 23 percent of all phishing attacks worldwide)
- Microsoft (20 percent)
- WhatsApp (11 percent)
- Google (10%)
- LinkedIn (8%)
- Amazon (4%)
- FedEx (3 percent)
- Roblox (3 per cent)
- Paypal (2 percent)
- Apple (2 percent)
The report also confirms an emerging trend from the third quarter: social media is consolidating its position among the three most imitated sectors in phishing attempts. While Facebook has dropped out of the top 10 brands that are most often imitated, WhatsApp has risen from 6th to 3rd place and now accounts for 11 percent of all phishing attempts. LinkedIn has moved from 8th to 5th place and has now been used for 8 percent of all phishing attacks.
Omer Dembinsky, Data Research Group Manager at Check Point Software
“Cybercriminals are primarily opportunists. In their attempts to steal personal data or install malware on users’ computers, criminal groups often take advantage of consumer trends by imitating popular brands“ ” explains Omer Dembinsky, Data Research Group Manager at Check Point Software . Also: “This quarter, for the first time, we noticed that DHL was leading the ranking of the most imitated brands, presumably to benefit from the increasing number of new and vulnerable online shoppers during the busiest time of the year. Especially older users, who are not as technically savvy as younger ones, are shopping on the Internet for the first time and may not know what to look for. This involves various things, such as delivery confirmations as e-mails or updates to the shipment tracking. The fourth quarter also confirmed what many of us expected, namely that social media would continue to be heavily targeted by malicious actors. The hackers are trying to take advantage of those who are increasingly relying on channels such as WhatsApp, Facebook and LinkedIn because of remote work and other effects of the pandemic. Unfortunately, the abused brands, such as DHL, Microsoft and WhatsApp, can do little against phishing scams. The human element all too easily overlooks important things, such as misspelled domains, typos, incorrect data or other suspicious details. This opens the door to further damage. We would like to call on all users to pay attention to these details in the coming months when dealing with well-known companies, such as DHL.“
In a brand phishing attack, criminals try to imitate the official website of a well-known brand by using a similar domain name, or a similar URL, and a similar appearance as the real page. The link to the fake Internet presence can be sent to the target person via e-mail or mobile phone text message; a user can also be redirected while surfing the Internet; in addition, the attempt can be triggered by a fraudulent mobile application. The fake web page often contains a form in which the user’s login data, payment data or other information are requested – in order to steal them.