Brand Phishing Report – Q4 2020

Summary

According to Check Point Research´s (CPR) analysis, Microsoft still lead the top ten-brand phishing in the last quarter of 2020, with many websites trying to impersonate Microsoft login screens and steal user credentials.

Shipping and retail, mainly led by email phishing on DHL and Amazon, are up to the top 3 brand industries for the first time this year and have more than doubled their relative share following the shopping and holidays months.

Top Phishing brands

Below are the top ten brands ranked by their overall appearance in brand phishing events during Q4 2020:

Top phishing brands in Q4 2020

The top brands are ranked by their overall appearance in brand phishing attempts:

Microsoft (related to 43% of all brand phishing attempts globally)
DHL (18%)
LinkedIn (6%)
Amazon (5%)
Rakuten (4%)
IKEA (3%)
Google (2%)
Paypal (2%)
Chase (2%)
Yahoo (1%)

Top industry sectors for brand phishing

Technology
Shipping
Retail

DHL Phishing Email – Password Theft Example

During November, we noticed a malicious phishing email that used DHL’s branding, and was trying to steal users’ passwords. The email (see Figure 1), which was sent from the spoofed email address Parcel.docs@dhl.com, contained the subject “RE: Your DHL parcel (Available for pick up) – [<recipient email>]” with the user’s email. The attacker was trying to lure the victim to click on a malicious link, which redirected the user to a fraudulent login page (see Figure 2) where the user needed to key in their password, and would then be sent to the site selected by the attacker (https://ipostagepay[.]ru/[.]mm0/).

Microsoft Phishing Email – Credentials Theft Example

During December we observed a malicious phishing email, which was trying to steal credentials of Microsoft Office 365 account users. The email (Figure 3) contained the subject “Doc(s) Daily delivery #- <ID Number>” and the content impersonated eFax service. After the users click on the link, they are taken to another document (Figure 4) that redirects them to a fraudulent Microsoft login page (Figure 5).

See how use cases come to life through Check Point's customer stories.

See how use cases come to life through Check Point's customer stories.

See how use cases come to life through Check Point's customer stories.

AI-Powered Threat Prevention

AI-Powered Threat Prevention

AI-Powered Threat Prevention

AI-Powered Threat Prevention

AI-Powered Threat Prevention

Learn hackers inside secrets and beat them at their own game

Learn hackers inside secrets and beat them at their own game

Learn hackers inside secrets and beat them at their own game

Learn hackers inside secrets and beat them at their own game

Learn hackers inside secrets and beat them at their own game

Learn hackers inside secrets and beat them at their own game

Check Point is 100% Channel. Grow Your Business with Us!

See how use cases come to life through Check Point's customer stories.

Brand Phishing Report – Q4 2020

Summary

Top Phishing brands

Top phishing brands in Q4 2020

Top industry sectors for brand phishing

DHL Phishing Email – Password Theft Example

Microsoft Phishing Email – Credentials Theft Example

Summary

Top Phishing brands

Top phishing brands in Q4 2020

Top industry sectors for brand phishing

DHL Phishing Email – Password Theft Example

Microsoft Phishing Email – Credentials Theft Example

You may also like

Check Point Named Strategic Leader in AV-Comparatives EPR Report

Protecting Against DDoS Tsunami Attacks

Taking Steps Toward Achieving FedRAMP

Earth Day 2024: Securing Our Earth