DHL takes top spot as most imitated brand in phishing attacks

For the final quarter of 2021, DHL surpassed Microsoft as the brand most spoofed in phishing campaigns, says Check Point Research.

Image: iStock/OrnRin

Phishing attacks often impersonate a popular brand or product to try to trick people into falling for their scams. But the brands that are most exploited change depending on events in the news, the time of year and other factors. A report released Monday by cyber threat intelligence provider Check Point Research reveals how and why international shipping company DHL was the most spoofed brand in phishing campaigns at the close of 2021.

SEE: Social engineering: A cheat sheet for business professionals (free PDF) (TechRepublic)

For the final quarter of 2021, DHL took over the top spot from Microsoft as the most impersonated brand by cybercriminals using phishing tactics. For the quarter, DHL was spoofed in 23% of all brand phishing attempts, up from just 9% in the year’s previous quarter. At the same time, Microsoft appeared in 20% of all attempts, down from 23% in the prior quarter.

While Microsoft is always a popular target in phishing attacks, DHL grabbed the top spot last quarter due to seasonal reasons. Specifically, the holiday shopping season prompted more consumers to ship items around the world, especially as the pandemic continued to pose a threat. This factor also explains why FedEx joined the top 10 list of most spoofed brands, popping up in 3% of all phishing attempts.

“This quarter, for the first time, we’ve seen global logistics company DHL top the rankings as the most likely brand to be imitated, presumably to capitalize on the soaring number of new and potentially vulnerable online shoppers during the year’s busiest retail period,” said Omer Dembinsky, data research group manager at Check Point Software.

“Older users in particular, who are less likely to be as technologically savvy as younger generations, will be shopping online for the first time and might not know what to look for when it comes to things like delivery confirmation emails or tracking updates,” Dembinsky added. “Furthermore, the rise in COVID cases has people relying on the shipping service more, and cyber criminals are likely trying to capitalize on people choosing to stay indoors more.”

Beyond DHL, Microsoft and FedEx, other brands that appeared on the list included WhatsApp in 11% of phishing attempts, Google in 10%, LinkedIn in 8%, Amazon in 4%, Roblox in 3%, PayPal in 2% and Apple in 2%. The presence of WhatsApp in third place showed that social media apps continue to be a hot target in phishing scams.

SEE: Study: Most phishing pages are abandoned or disappear in a matter of days (TechRepublic)

Among the specific phishing emails examined by Check Point, one used DHL Customer Support as the sender’s name and contained the subject line of “DHL Shipment Notification: xxxxxxxxxx Out for delivery for 15 Dec 21.” Claiming that the victim was due to receive a package, the attacker was trying to lure the recipient to click on a malicious link for a phony DHL webpage to steal their email address and password.

In a campaign spoofing FedEx, the phishing email used a spoofed address of support@fedex.com with a subject line of “Bill of Lading-PL/CI/BL-Documents arrival.” The message asked the recipient to download a file named “shipment docu..rar.” If extracted, the file would infect the computer with the Snake Keylogger malware, which then attempted to steal the person’s account credentials.

In one campaign spotted in November, a phishing email was sent by a spoofed name of PayPal Service with a subject line of “Confirm your PayPal account (Case ID #XX XXXXXXXXXX).” A malicious link in the message took the recipient to a PayPal login page impersonating the actual site. The user was asked to sign in with their PayPal credentials, which were then captured by the attacker.

“Unfortunately, there’s only so much brands like DHL, Microsoft and WhatsApp—which represent the top 3 most imitated brands in Q4—can do to combat phishing attempts,” Dembinsky said. “It’s all too easy for the human element to overlook things like misspelt domains, typos, incorrect dates or other suspicious details, and that’s what opens the door to further damage. We’d urge all users to be very mindful of these details when dealing with the likes of DHL in the coming months.”