Check Point Research (CPR), its Threat Intelligence division Check Point Software Technologies Ltd., a leading global provider of cybersecurity solutions, has released its Brand Phishing Report for the fourth quarter of 2022.
The report highlights the brands that cybercriminals most often impersonated in their attempts to steal personal information or payment credentials during the months of October, November and December last year
Yahoo was the most used brand for phishing attacks in the fourth quarter of 2022, climbing 23 places and accounting for 20% of all attempts. Check Point Research found that cybercriminals distributed emails with subject lines that implied the recipient had won awards or prize money from senders such as “Awards Promotion” or “Award Center”. The content of the email informed the target that he had won a prize money organized by Yahoo worth hundreds of thousands of dollars. It asked the recipient to send their personal and bank details, claiming that they would transfer the prize money they won to their account. The email also contained a warning that the target should not let people know about winning the award due to legal issues.
In general, the technology sector was the industry most likely to imitate brand phishing in the last quarter of 2022, followed by shipping and social networks. DHL was in second place with 16% of all brand phishing attempts, ahead of Microsoft in third place with 11%. LinkedIn also returned to the list this quarter, reaching fifth place with 5,7%. DHL's popularity could be due to the strong online shopping season around Black Friday and Cyber Monday, with hackers using the brand to create "fake" delivery notices.
Omer Dembinsky, Data Group Manager at Check Point Software said: “We see hackers trying to lure their targets by offering rewards and significant sums of money. Remember, if it seems too good to be true, it usually is. You can protect yourself from a brand phishing attack by not clicking on suspicious links or attachments and always checking the URL of the page you are being redirected to. Look for spelling mistakes and don't volunteer unnecessary information."
The 10 Most Popular To Imitate Brands
Here are the top brands ranked by their overall exposure to brand phishing attempts:
- Yahoo (20%)
- DHL (16%)
- Microsoft (11%)
- Google (5.8%)
- LinkedIn (5.7%)
- WeTransfer (5.3%)
- Netflix (4.4%)
- Fedex (2.5%)
- HSBC (2.3%)
- WhatsApp (2.2%)
Instagram Phishing Email –Example Theft Account
CPR observed a malicious phishing email campaign sent by “badge@mail-ig[.]com”. The email was sent with the subject line “blue badge form” and its content attempted to convince the victim to click on a malicious link, which claimed that the victim's Instagram account had been reviewed by the Facebook team (the company that owns the commercial Instagram mark) and had been deemed eligible for the Blue Badge.
Image 1. Malicious email containing the subject “blue badge form”
Picture 2: Fraudulent login page https://www[.]verifiedbadgecenters[.]xyz/contact/
Microsoft Teams Phishing Email – Example of Account Theft
In this phishing email, Check Point Research identified an attempt to steal a user's Microsoft account information. The email was sent from “teamsalert_Y3NkIGpoY2pjc3dzandpM3l1ODMzM3Nuc2tlY25taXc@gmx[.]com[.]my” with fake sender name – “Teams” with subject “you have been added to a new team”.
The attacker tries to trick the victim into clicking on the malicious link by claiming to have been added to a new group in the app. Choosing to confirm cooperation leads to a malicious site “https://u31315517[.]ct[.]sendgrid[.]net/ls/click”, which is no longer active.
Picture 3: The malicious email contained the subject “you have been added to a new group”
Adobe Phishing Email – Example of Account Theft
This phishing email, which uses Abode's trademark, was sent from “grupovesica@adobe-partner[.]com” and its subject, originally in Spanish, read – “Activate your license! Take advantage of its benefits” (originally: “¡Activa tu licencia! Aprovecha sus beneficios”). In the email the victim is encouraged to contact experts to help leverage the app's license.
Clicking on the link in the email (“https://adobeconciergeservices[.]com/_elink/bfgkw374wekci/bcplw9h143poj/bdpip0zrm95o3”), opens a new draft message in Outlook addressed to a foreign email (not associated with Adobe ), in which the user is asked to enter credit details and information to "activate" the license.
Picture 4: Adobe phishing email with the subject “Activate your license! Take advantage of its advantages”