For the last 4th of 2021, DHL surpassed Microsoft arsenic the marque astir spoofed successful phishing campaigns, says Check Point Research.
Phishing attacks often impersonate a fashionable marque oregon merchandise to effort to instrumentality radical into falling for their scams. But the brands that are astir exploited alteration depending connected events successful the news, the clip of twelvemonth and different factors. A study released Monday by cyber menace quality supplier Check Point Research reveals however and wherefore planetary shipping institution DHL was the astir spoofed marque successful phishing campaigns astatine the adjacent of 2021.
SEE: Social engineering: A cheat expanse for concern professionals (free PDF) (TechRepublic)
For the last 4th of 2021, DHL took implicit the apical spot from Microsoft arsenic the astir impersonated marque by cybercriminals utilizing phishing tactics. For the quarter, DHL was spoofed successful 23% of each marque phishing attempts, up from conscionable 9% successful the year's erstwhile quarter. At the aforesaid time, Microsoft appeared successful 20% of each attempts, down from 23% successful the anterior quarter.
While Microsoft is ever a fashionable people successful phishing attacks, DHL grabbed the apical spot past 4th owed to seasonal reasons. Specifically, the vacation buying play prompted much consumers to vessel items astir the world, particularly arsenic the pandemic continued to airs a threat. This origin besides explains wherefore FedEx joined the apical 10 database of astir spoofed brands, popping up successful 3% of each phishing attempts.
"This quarter, for the archetypal time, we've seen planetary logistics institution DHL apical the rankings arsenic the astir apt marque to beryllium imitated, presumably to capitalize connected the soaring fig of caller and perchance susceptible online shoppers during the year's busiest retail period," said Omer Dembinsky, information probe radical manager astatine Check Point Software.
"Older users successful particular, who are little apt to beryllium arsenic technologically savvy arsenic younger generations, volition beryllium buying online for the archetypal clip and mightiness not cognize what to look for erstwhile it comes to things similar transportation confirmation emails oregon tracking updates," Dembinsky added. "Furthermore, the emergence successful COVID cases has radical relying connected the shipping work more, and cyber criminals are apt trying to capitalize connected radical choosing to enactment indoors more."
Beyond DHL, Microsoft and FedEx, different brands that appeared connected the database included WhatsApp successful 11% of phishing attempts, Google successful 10%, LinkedIn successful 8%, Amazon successful 4%, Roblox successful 3%, PayPal successful 2% and Apple successful 2%. The beingness of WhatsApp successful 3rd spot showed that societal media apps proceed to beryllium a blistery people successful phishing scams.
Among the circumstantial phishing emails examined by Check Point, 1 utilized DHL Customer Support arsenic the sender's sanction and contained the taxable enactment of "DHL Shipment Notification: xxxxxxxxxx Out for transportation for 15 Dec 21." Claiming that the unfortunate was owed to person a package, the attacker was trying to lure the recipient to click connected a malicious nexus for a phony DHL webpage to bargain their email code and password.
In a run spoofing FedEx, the phishing email utilized a spoofed code of firstname.lastname@example.org with a taxable enactment of "Bill of Lading-PL/CI/BL-Documents arrival." The connection asked the recipient to download a record named "shipment docu..rar." If extracted, the record would infect the machine with the Snake Keylogger malware, which past attempted to bargain the person's relationship credentials.
In 1 run spotted successful November, a phishing email was sent by a spoofed sanction of PayPal Service with a taxable enactment of "Confirm your PayPal relationship (Case ID #XX XXXXXXXXXX)." A malicious nexus successful the connection took the recipient to a PayPal login leafage impersonating the existent site. The idiosyncratic was asked to motion successful with their PayPal credentials, which were past captured by the attacker.
"Unfortunately, there's lone truthful overmuch brands similar DHL, Microsoft and WhatsApp—which correspond the apical 3 astir imitated brands successful Q4—can bash to combat phishing attempts," Dembinsky said. "It's each excessively casual for the quality constituent to place things similar misspelt domains, typos, incorrect dates oregon different suspicious details, and that's what opens the doorway to further damage. We'd impulse each users to beryllium precise mindful of these details erstwhile dealing with the likes of DHL successful the coming months."
Cybersecurity Insider Newsletter
Strengthen your organization's IT information defenses by keeping abreast of the latest cybersecurity news, solutions, and champion practices. Delivered Tuesdays and ThursdaysSign up today