The most popular brand for phishing attacks might surprise you

(Image credit: Vektor Illustration/Shutterstock)

Global logistics and shipping powerhouse DHL is the most represented brand in phishing attacks, with most criminals using its name and logo as they try to steal people’s login data, payment information, and even money, experts have warned.

A new report from Check Point examining the threat landscape between July and September 2022 found almost a quarter (22%) of all phishing attempts impersonated DHL.

In phishing attacks, cybercriminals prepare an email (or an SMS message, or any other form of communication) to look and feel as if it’s coming from a legitimate brand, to get people to actually open the contents. In the email itself, the crooks will claim the victim needs to address an urgent issue (for example, a pending parcel), by providing sensitive data, either directly via email, or via a specially crafted landing page.

Microsoft and LinkedIn suffering, too

The data would then end up in the hands of the criminals to use in various other types of cybercrime, such as identity theft, wire fraud, or similar. 

As reported by The Register, in late June DHL warned customers of being used in a "major global scam and phishing attack," adding it was "working hard to block the fraudulent websites and emails." 

Since the Covid-19 pandemic and the lockdowns, people have shopping online a lot more, giving DHL additional exposure - something cybercriminals are now looking to capitalize on. 

However the shipping giant is hardly the only brand being impersonated in these attacks. With 16%, Microsoft is the second most impersonated brand, followed by third-placed LinkedIn, which had previously held the number one spot in both Q1 and Q2 2022.

To protect from phishing attacks, businesses are advised to educate their employees on best cybersecurity practices. Workers, as the first line of attack, need to be extra careful when receiving emails with links or attachments and to check the email sender address, as well as the contents, for any typos or inconsistencies. 

Via: The Register

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.