Check Point Research Q4 Brand Phishing Report

Check Point Research (CPR) has published its Brand Phishing Report for Q4 2021, which highlights the brands most often imitated by criminals in their attempts to fraudulently obtain other people's personal data.

With the rise in COVID cases and the arrival of the holiday season, DHL has put an end to Microsoft's long-standing dominance as the brand most often imitated by cybercriminals. Social media is consolidating its position among the top three sectors imitated in phishing attempts, as WhatsApp and LinkedIn rank higher in the list of the 10 most frequently imitated brands.

  • 23% of all phishing efforts in the fourth quarter of 2021 were related to DHL, up from just 9% in the third quarter.
  • Microsoft, which once again topped the rankings in the third quarter, accounting for 29% of all phishing efforts, dropped to 20% of phishing attacks in the fourth quarter.
  • FedEx made its appearance in the top ten of the list in the fourth quarter of 2021.

The 10 most imitated brands in the 4th quarter of 2021

Brands are ranked by their overall appearance in brand phishing attempts:

1. DHL (related to 23% of all phishing attacks worldwide)

2. Microsoft (20%)

3. WhatsApp (11%)

4. Google (10%)

5. LinkedIn (8%)

6. Amazon (4%)

7. FedEx (3%)

8. Roblox (3%)

9. PayPal (2%)

10. Apple (2%) 

For the first time, DHL ranked first in the fourth quarter, replacing Microsoft as the brand most likely to be imitated by cybercriminals in phishing scams, as perpetrators try to take advantage of vulnerable online consumers during the busiest season of the year.

The fourth quarter report also reinforces a trend that emerged in the third quarter: social media seems to be consolidating its position among the top three sectors imitated in phishing attempts. While Facebook dropped out of the top ten, WhatsApp moved from 6th to 3rd place, now accounting for 11% of all phishing efforts. LinkedIn also moved from 8th to 5th place, now accounting for 8% of all phishing-related attacks.

What is a brand phishing attack?

In a brand phishing attack, criminals try to imitate the official website of a well-known brand, using a domain name or URL and a page design similar to those of the genuine site. The link to the fake website may be sent to targeted individuals by email or text message, the user may be redirected to it while browsing the web, or it may be triggered by a fraudulent mobile application. The fake website often contains a form that aims to steal users' credentials, payment information or other personal information.


Omer Dembinsky, Data Research Group Manager at Check Point Software, said:

"It's important to remember that cybercriminals are primarily opportunists. In their attempt to steal our personal data or develop malware on a user's machine, criminal gangs often exploit consumer trends by imitating popular brands. This quarter, for the first time, we saw the global logistics company DHL at the top of the rankings as the most likely brand to be imitated, apparently to take advantage of the surge in the number of new and potentially vulnerable online shoppers during the busy retail season of the year. Older users in particular, who are less likely to be as technologically familiar as the younger generations, may not know, if they are shopping online for the first time, what to look for when it comes to issues like delivery confirmation messages or tracking updates. In addition, the increase in COVID cases has resulted in people relying more on the shipping service, and cybercriminals are likely to try to take advantage of people who choose not to go to physical stores."

The 4th quarter also confirmed what many of us expected: that social media would continue to be a major target of malicious actors seeking to exploit those who rely more on channels such as WhatsApp, Facebook and LinkedIn as a result of remote work and other effects of the pandemic.

Unfortunately, there is a limit to what brands like DHL, Microsoft and WhatsApp, the three most imitated brands in the fourth quarter, can do to combat phishing attempts. It is very easy for people to overlook things like wrong domains, typographical errors, wrong dates or other suspicious details, and this is what opens the door to further damage.

We would urge all users to pay close attention to these details when dealing with companies like DHL in the coming months.

Example A: PayPal

During the November discounts, we noticed a malicious phishing email, purportedly sent by PayPal, that tried to steal users' credit information.

Figure 1. Malicious e-mail sent with the subject "[Alert] Confirm your PayPal account (Case ID #XX XXXXXXXXXXXXX)"




Figure 2. Left side: fake login page; right side: real login page


Example B: FedEx

During December, we noticed a malicious phishing email that used the FedEx brand and tried to persuade the user to download the SnakeKeylogger malware onto their computer. The email (see Figure 3), sent from the fake address support@fedex[.]com, had the subject “Bill of Lading-PL/CI/BL-Documents arrival”. The content asks the recipient to download a RAR archive file, "shipment docu..rare", which contains a malicious executable file that would infect the system with SnakeKeylogger and could intercept user credentials.

Figure 3. Malicious e-mail with the subject “Bill of Lading-PL/CI/BL-Documents arrival”




Example C: DHL

In the phishing email below, we see an attempt to steal users' email addresses and passwords through an imitation of the DHL brand. The email, sent from a fake DHL Customer Support address (info@emmc[.]ir), had the subject “DHL Shipment Notification: xxxxxxxxxxxx "Out for delivery" for 15 Dec 21”. The attacker was trying to entice the victim to click on a malicious link (http://reg[.]chaindaohang[.]com/wp-content/Uploads/2021/07/dhl/index[.]php?i=i&0=vegenat@vegenat[.]es), which redirects the user to a deceptive DHL page that looks like the actual website (see Figure 5).

On the page behind the malicious link, the user was prompted to enter their email address and password.

Figure 4. The malicious e-mail sent with the subject “DHL Shipment Notification: xxxxxxxxxxxx "Out for delivery" for 15 Dec 21”



Figure 5. Left side: fraudulent credentials login page; right side: real login page
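
The mismatch visible in Example C, and the reason Example B does not show it, as an added example that is not part of the Check Point report: a Python check that flags a message when a brand is named in the sender display name or in a link while the actual host is not one of that brand's domains. The BRAND_DOMAINS allow-list, the function names and the "FedEx" display name are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumed allow-list of domains each brand really uses (illustrative, not exhaustive).
BRAND_DOMAINS = {
    "dhl": {"dhl.com", "dhl.de"},
    "fedex": {"fedex.com"},
    "paypal": {"paypal.com"},
}

def refang(text):
    """Turn the defanged form used in reports (example[.]com) back into a parseable one."""
    return text.replace("[.]", ".")

def owned_by(host, domains):
    """True if host is one of the domains or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def brand_mismatches(display_name, from_addr, urls):
    """Return (brand, field, host) wherever a brand is named but the host is not the brand's."""
    findings = []
    sender_host = refang(from_addr).rsplit("@", 1)[-1].lower()
    for brand, domains in BRAND_DOMAINS.items():
        # Match the brand as a whole token, not as part of a longer word.
        token = re.compile(r"(?<![a-z0-9])" + brand + r"(?![a-z0-9])", re.I)
        if token.search(display_name) and not owned_by(sender_host, domains):
            findings.append((brand, "sender", sender_host))
        for url in urls:
            parts = urlsplit(refang(url))
            host = (parts.hostname or "").lower()
            # The brand may appear in the host or, as in Example C, only in the path.
            if token.search(host + parts.path) and not owned_by(host, domains):
                findings.append((brand, "url", host))
    return findings

# Sender and link from Example C (query string omitted), kept defanged in the source.
DHL_SAMPLE = ("DHL Customer Support", "info@emmc[.]ir",
              ["http://reg[.]chaindaohang[.]com/wp-content/Uploads/2021/07/dhl/index[.]php"])
# Example B: the From address shows the brand's own domain, so this comparison finds
# nothing; catching it needs SPF/DKIM/DMARC results and attachment scanning instead.
FEDEX_SAMPLE = ("FedEx", "support@fedex[.]com", [])

if __name__ == "__main__":
    for sample in (DHL_SAMPLE, FEDEX_SAMPLE):
        print(sample[1], "->", brand_mismatches(*sample))
```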







Check Point Research, iguru

Written by newsbot
