Cybersecurity firm Check Point has published an interesting Brand Phishing Report for Q3, 2022.
Phishing attacks are the practice of sending fraudulent communications that appear to come from a genuine source. It is usually conducted via email.
The agenda is to steal sensitive information such as credit card and login information or to install malware on the victim’s computer.
The said report highlights the brands which were most frequently imitated by criminals in their attempts to steal individuals’ personal information or payment credentials during July, August, and September.
In Q2 22, LinkedIn was the most imitated brand. However, in Q3, shipping corporation DHL took the top spot and accounted for 22 percent of all phishing attempts in the world.
Coming in second place was Microsoft at 16 percent, which was then followed by social media platform for professionals at 11 percent, LinkedIn. LinkedIn is also owned by Microsoft. It recorded 45 percent of phishing scams in Q2, and 52 percent in A1.
DHL’s increase could be due in part to a major global scam and phishing attack that the logistics giant warned about itself just days before the quarter started. Instagram has also appeared in the top ten list for the first time this quarter, following a ‘blue-badge’ related phishing campaign that was reported in September.
Logistics is one of the top industry sectors for brand phishing, second only to technology.
As said, in a brand phishing attack, criminals try to imitate the official website of a well-known brand by using a similar domain name or URL and web page design to the genuine site.
The link to the fake website can be sent to targeted individuals by email or text message, a user can be redirected during web browsing, or it may be triggered by a fraudulent mobile application.
The fake website often contains a form intended to steal users’ credentials, payment details or other personal information.
1. DHL (related to 22% of all phishing attacks globally)
2. Microsoft (16%)
3. LinkedIn (11%)
4. Google (6%)
5. Netflix (5%)
6. WeTransfer (5%)
7. Walmart (5%)
8. Whatsapp (4%)
9. HSBC (4%)
10. Instagram (3%)
“Phishing is the most common type of social engineering, which is a general term describing attempts to manipulate or trick users. It is an increasingly common threat vector used in most security incidents,” commented Omer Dembinsky, Data Research Group Manager at Check Point. “In Q3, we saw a dramatic reduction in the number of phishing attempts related to LinkedIn, which reminds us that cybercriminals will often switch their tactics to increase their chances of success.”