October 25, 2022 (press release) – (GlobeNewswire)
While LinkedIn was the most imitated brand in both Q1 and Q2 2022, it was shipping company DHL that took the top spot in Q3, accounting for twenty-two percent of all phishing attempts worldwide. Microsoft is in second place (16%) and LinkedIn has fallen into third, making up just 11% of scams, compared to 52% in Q1 and 45% in Q2. DHL's increase could be due in part to a major global scam and phishing attack that the logistics giant itself warned about just days before the quarter started. Instagram has also appeared in the top ten list for the first time this quarter, following a blue-badge related phishing campaign that was reported in September.

Shipping is one of the top industry sectors for brand phishing, second only to technology. As we head into the busiest retail period of the year, CPR will continue to monitor shipping related scams as threat actors will likely increase their efforts to take advantage of online shoppers. Phishing is the most common type of social engineering, which is a general term describing attempts to manipulate or trick users. It is an increasingly common threat vector used in most security incidents, commented
In a brand phishing attack, criminals try to imitate the official website of a well-known brand by using a similar domain name or URL and web-page design to the genuine site. The link to the fake website can be sent to targeted individuals by email or text message, a user can be redirected during web browsing, or it may be triggered from a fraudulent mobile application. The fake website often contains a form intended to steal users' credentials, payment details or other personal information.

Top phishing brands in Q3 2022

Below are the top brands ranked by their overall appearance in brand phishing attempts:

1. DHL (related to 22% of all phishing attacks globally)
2. Microsoft (16%)
3. LinkedIn (11%)
4. Google (6%)
5. Netflix (5%)
6. WeTransfer (5%)
7. Walmart (5%)
DHL Phishing Email Account Theft Example

As part of campaigns using DHL's branding that appeared during Q3 2022, we observed a malicious phishing email that was sent from the webmail address info@lincssourcing[.]com and spoofed to appear as if it was sent from DHL Express. The email contained the subject "Undelivered DHL(Parcel/Shipment)", and the content tries to persuade the victim to click on a malicious link, claiming that there is a delivery intended for them that can be sent just after updating the delivery address. This link leads to a malicious website, https://bafybeig4warxkemgy6mdzooxeeuglstk6idtz5dinm7yayeazximd3azai[.]ipfs[.]w3s[.]link/dshby[.]html/, that requires the victim's username and password to be entered.

OneDrive Phishing Email Account Theft Example

In this phishing email, we see an attempt to steal a user's Microsoft account information. The email, which was sent from the webmail address websent@jointak.com.hk under the fake sender name "OneDrive", contained the subject "A document titled Proposal has been shared with you on Onedrive". The attacker tries to lure the victim into clicking on the malicious link, claiming that an important document titled "Proposal" has been shared with them on their OneDrive. This malicious link, https://mail-supp-365[.]herokuapp[.]com/, redirects the user to a fraudulent Microsoft web app login page, where the user needs to enter their account password.

As always, we encourage users to be cautious when divulging personal data and credentials to business applications or websites, and to think twice before opening email attachments or links, especially emails that claim to be from companies such as DHL, Microsoft or LinkedIn, as they are the most likely to be impersonated.
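Both examples above share one checkable pattern: a brand named in the display name or subject, with a sender domain and link host that do not belong to that brand. The Python below is an added example, not code from the press release or from Check Point; the brand-to-domain allow-list, the function names and the benign control message are assumptions, and the sample messages are constructed from the values quoted above.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumption: illustrative allow-list of each brand's own domains, not exhaustive.
BRAND_DOMAINS = {
    "dhl": {"dhl.com"},
    "onedrive": {"microsoft.com", "live.com", "sharepoint.com"},
    "linkedin": {"linkedin.com"},
}

# Constructed samples; sender, subject and link values are the ones quoted above.
DHL_SAMPLE = ("From: DHL Express <info@lincssourcing[.]com>\n"
              "Subject: Undelivered DHL(Parcel/Shipment)\n\n"
              "Update your delivery address to receive the parcel.\n")
ONEDRIVE_SAMPLE = ("From: OneDrive <websent@jointak[.]com[.]hk>\n"
                   "Subject: A document titled Proposal has been shared with you on Onedrive\n\n"
                   "Open: https://mail-supp-365[.]herokuapp[.]com/\n")
# Constructed benign control: brand name, sender and link all agree.
LEGIT_SAMPLE = ("From: DHL Express <noreply@dhl.com>\n"
                "Subject: Your DHL shipment\n\n"
                "Track: https://www.dhl.com/track\n")

def refang(text):
    """Undo the [.] defanging used in threat reports so values parse normally."""
    return text.replace("[.]", ".")

def in_domains(host, domains):
    """True if host equals, or is a subdomain of, one of the allowed domains."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def brand_mismatches(raw_message):
    """Return sorted (brand, kind, host) findings for one plain-text message."""
    msg = message_from_string(refang(raw_message))
    display, addr = parseaddr(msg.get("From", ""))
    sender_host = addr.rpartition("@")[2].lower()
    claimed = f"{display} {msg.get('Subject', '')}".lower()
    body = "\n".join(p.get_payload() for p in msg.walk() if not p.is_multipart())
    links = {urlsplit(u).hostname or "" for u in re.findall(r'https?://[^\s<>"]+', body)}
    findings = set()
    for brand, domains in BRAND_DOMAINS.items():
        if brand not in claimed:
            continue
        if not in_domains(sender_host, domains):
            findings.add((brand, "sender", sender_host))
        findings |= {(brand, "link", h) for h in links if h and not in_domains(h, domains)}
    return sorted(findings)
```

The brand match is a plain substring test, so a finding is a triage signal for review rather than a verdict.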
Blog: https://research.checkpoint.com/
Twitter: https://twitter.com/_cpresearch_
Emilie Beneitez Lefebvre, Check Point Software Technologies, press@checkpoint.com
Kip E. Meintzer, Check Point Software Technologies, ir@us.checkpoint.com