DHL is the most spoofed brand in phishing emails, according to Check Point.
Between July and September 2022, crooks most frequently used the brand name in their attempts to steal personal and payment information from marks, with the shipping giant accounting for 22% of all global phishing attempts intercepted by the cybersecurity firm.
On June 28, DHL informed customers that it was the victim of a "major global scam and phishing attack," and that it was "working hard to block the fraudulent websites and emails."
In the phishing attempts, criminals used a tried-and-true phony message, falsely alerting customers that their package could not be delivered and requesting personal and payment information to proceed with the delivery.
These types of urgent requests — to change a password or, in this case, delivery or payment information — are especially effective at stealing credentials, as we saw with the recent Oktapus cybercrime spree.
Check Point discovered one phishing email that attempted to impersonate DHL and was sent from the address "info@lincssourcing[.]com." The report stated that crooks altered it to appear as if the sender was "DHL Express."
The subject line of the email, "Undelivered DHL(Parcel/Shipment)," as well as the message, attempted to dupe the victim into clicking on a malicious link claiming that they needed to update their delivering address in order to receive the package. Of course, the URL does not actually lead to DHL's website. Instead, it redirects them to a bogus, attacker-controlled website with a form asking the victim to enter their name and password, which the crooks then steal.
These stolen credentials can then be used to obtain additional account information, such as payment information, or simply sold to other identity thieves on dark-web forums. While DHL tops the list of stolen brands, Check Point reports that Microsoft is in second place for third-quarter phishing scams, accounting for 16% of all campaigns based on brand recognition. LinkedIn, which topped the list in both the first and second quarters of this year, fell to third place with 11 percent.
Victims are more likely to click on a malicious link that appears to be sent from a trusted brand, which feeds the phishing pool. It is a low-cost crime with a high return on investment for criminals. Last year, phishing attacks were by far the most commonly reported cybercrime, with 323,972 reported to the FBI and victims losing $44.2 million.
Check Point detailed another brand-spoofing phish example in which criminals used a fake OneDrive email to try to steal a user's Microsoft account information. The message was sent from "websent@jointak[.]com[.]hk," with "OneDrive" as a bogus sender name, and the subject: "A document titled 'Proposal' has been shared with you on Onedrive."
The Microsoft-brand phish, like the DHL spoof, attempts to trick the victim into clicking on a malicious link that spoofs a Microsoft web app login page and then enter their account password. As a general rule, users should avoid emails that request personal information or credit card information.