Check Point Research (CPR), the Threat Intelligence division of Check Point Software Technologies Ltd, a global cyber security solutions provider, has published its Brand Phishing Report for the second quarter of 2022.
The report highlights the brands that cybercriminals most often impersonated in their attempts to steal people's personal information or payment credentials during the quarter.
Social networking platform LinkedIn remained at the top of the ranking as the most imitated brand, after entering the list for the first time in the first quarter of 2022.
Although its share decreased slightly, from 52% of all phishing attempts in the first quarter to 45% in the second, this is still a worrying trend that highlights the ongoing risk faced by users of a trusted social media platform.
Social networks are still generally the most imitated category, followed by technology, which, this quarter, was second only to shipping.
The most striking increase among exploited technology brands was Microsoft, which accounted for 13% of all phishing attempts, more than double the previous quarter, while DHL came in third with 12%. New entrants to the top ten were Adidas, Adobe and HSBC; although each is still in the low single digits, researchers will be watching them closely in the third quarter for any developments.
The rise in Microsoft-related fraud is a risk to both individuals and organizations. Once someone gets hold of your account credentials, they have access to every application behind them, such as Teams and SharePoint, on top of the obvious risk of your Outlook mailbox being compromised. The report points to a specific example of an Outlook phishing email that lures users to a fraudulent Outlook web page with the subject “[Action Required] Final Reminder – Verify your OWA Account now”, asking the victim to enter their login details.
LinkedIn-based phishing campaigns mimicked the communication style of the professional social networking platform, with malicious emails using subject lines such as “You appeared in 8 searches this week”, “You have a new message” or “I'd like to work with you via LinkedIn”. Although they appeared to come from LinkedIn, they were sent from an email address whose domain was completely different from the platform's own.
Meanwhile, with the relentless trend towards online shopping, it is no surprise that in the second quarter DHL was spoofed in 12% of all phishing attacks. The report specifically refers to a shipment-tracking phishing scam, themed “Incoming Shipment Notification”, which aimed to trick the consumer into clicking on a malicious link.
“Phishing emails are an important tool in any hacker's arsenal, as they scale rapidly and can target millions of users at relatively low cost,” said Omer Dembinsky, Data Research Group Manager at Check Point Software. “They give cybercriminals the opportunity to exploit the reputation of trusted brands to give users a false sense of security, which can be exploited to steal personal or business information for financial gain.
“Criminals will use any brand with sufficient reach and consumer trust. Therefore, we see hackers expanding their operations and brands such as Adidas, Adobe and HSBC making their first appearance in the top 10. Hackers are trading on our trust in these brands. There's a reason they keep using brand-based phishing: it works. For this reason, consumers should act with caution and check for the signs of a fake email, such as bad grammar, spelling mistakes or strange domain names, that can reveal the scam. If in doubt, head to the brand's official website instead of clicking on any links.”
Such a phishing attack not only exploits our implicit trust in a familiar brand, by adopting its imagery and often a look-alike URL, but also plays on human emotions, such as the fear of missing out on an important discount. The sense of urgency it creates leads consumers to click hastily without first checking whether the email really comes from the brand in question. This can lead them to accidentally download malware or hand over valuable personal information that gives criminals access to their entire online world, with possible financial loss.
Top phishing brands for Q2 2022
Here are the top brands ranked by their overall share of brand phishing attempts:
- LinkedIn (45%)
- Microsoft (13%)
- DHL (12%)
- Amazon (9%)
- Apple (3%)
- Adidas (2%)
- Google (1%)
- Netflix (1%)
- Adobe (1%)
- HSBC (1%)
LinkedIn Phishing Email – Example of account theft
During the second quarter of 2022, we observed a malicious phishing email that used the LinkedIn brand. The phishing email was sent from a webmail address and spoofed to appear to be from “LinkedIn Security (email@example.com[.]ec)”. The email had the subject “LinkedIn Notice!!!”, and the content (see Figure 1) tries to lure the victim into clicking on a malicious link under the guise of updating the version of their LinkedIn account. This click leads to the link “https://lin882[.]webnode[.]page/”, where the victim is then asked to enter their LinkedIn account details (see Figure 2).
DHL Phishing Email – Example of account theft
During the second quarter of 2022, we observed a malicious phishing email using the DHL brand name. The phishing email was sent from a webmail address and spoofed to appear to be from “DHL EXPRESS (track@harbormfreight[.]com)”. The email contained the subject line “Incoming Shipment Notification” and its content (see Figure 1) tries to convince the victim to click on a malicious link that takes them to the address “https://delicate-sea-3417[.]on[.]fleek[.]co”.
There, the victim is asked to enter their username and password.
Outlook Phishing Email – Example of account theft
In this phishing email, we see an attempt to steal a user's Outlook account information. The email (see Figure 1), sent from the address “Outlook OWA (firstname.lastname@example.org)”, contained the subject line “[Action Required] Final Reminder – Verify Your OWA Account Now”. The attacker was trying to trick the victim into clicking on a malicious link that redirected the user to a fraudulent Outlook Web App login page (see Figure 2).
On the malicious page (jfbfstxegfghaccl-dot-githu-dir-aceui-xoweu[.]ue[.]r[.]appspot[.]com), the user was asked to enter their username and password.
Amazon Phishing Email – Example of billing information theft
In this phishing email, we see an attempt to steal a user's billing information. The email (see Figure 1), which was sent from the email address “Amazon (fcarvache@puertoesmeraldas[.]gob[.]ec)”, contained the subject line “Your amazon account verification”.
The email subject and content are an attempt by the attacker to lure the victim into clicking on a malicious link, “https://main.d1eoejahlrcxb.amplifyapp[.]com”, which redirects the user to a fraudulent page that prompts for billing information (see Figure 2).
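The common thread in the four examples above is that the display name claims a brand while the sender address and the linked host belong to somewhere else entirely. The following is an added example (not code from the report or from Check Point) of a simple mail-filter check for that mismatch, run over the report's own defanged sender strings and URLs; the brand-to-domain allow-list is an assumption a defender would maintain from their own mail flow.

```python
import re
from urllib.parse import urlparse

# Assumed allow-list of legitimate domains per brand (illustrative, not exhaustive).
BRAND_DOMAINS = {
    "linkedin": {"linkedin.com"},
    "dhl": {"dhl.com"},
    "outlook": {"microsoft.com", "outlook.com", "office.com"},
    "amazon": {"amazon.com"},
}

# Display name followed by the address in <...> or (...), as in the report's examples.
FROM_RE = re.compile(r'^\s*"?(?P<name>[^"<(]*?)"?\s*[<(](?P<addr>[^>)]+)[>)]\s*$')


def refang(s):
    """Undo the '[.]' defanging and stray spaces used in reports so hosts compare cleanly."""
    return s.replace("[.]", ".").replace(" ", "").lower()


def parse_from(header):
    """Split a From header into (display name, address)."""
    m = FROM_RE.match(header)
    if not m:
        return "", refang(header)
    return m.group("name").strip(), refang(m.group("addr"))


def is_under(domain, base):
    """True if domain equals base or is a subdomain of it."""
    return domain == base or domain.endswith("." + base)


def link_host(url):
    url = refang(url)
    if "://" not in url:          # bare hostnames as quoted in the report
        url = "http://" + url
    return urlparse(url).hostname or ""


def find_mismatches(from_header, links=()):
    """Return (where, brand, host) findings: the display name names a brand, but the
    sender domain ('from') or a linked host ('link') is not one of that brand's domains."""
    name, addr = parse_from(from_header)
    sender = addr.rsplit("@", 1)[-1]
    findings = []
    for brand, domains in BRAND_DOMAINS.items():
        if brand not in name.lower():
            continue
        if not any(is_under(sender, d) for d in domains):
            findings.append(("from", brand, sender))
        for url in links:
            host = link_host(url)
            if not any(is_under(host, d) for d in domains):
                findings.append(("link", brand, host))
    return findings
```

A real filter would add the sending domain's SPF/DKIM alignment result and a brand list far larger than the four above; the point here is only that a claimed brand and an unrelated domain are cheap to detect together.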