Brand Phishing report – Q4 2022

Summary

  • Following a significant phishing campaign in the previous quarter, Yahoo became the top brand impersonated in phishing attacks in Q4 2022, climbing 23 spots in the ranking from the previous quarter.

  • DHL dropped from the lead in Q3 2022 to 2nd place in the last quarter of the year, followed by Microsoft which also dropped one place in the ranking.

  • LinkedIn and FedEx got back to the top 10 list in Q4 after dropping out of the ranking in the previous quarter.

In the Q4 of 2022, 20% of all brand phishing attempts were related to Yahoo. We found campaigns which included malicious phishing emails that used Yahoo’s branding. Those contained the subject “YAHOO AWARD” and were sent by senders with names such as “Award Promotion”, “Award Center”, “info winning” or “Award Winning”. The content of the email distributed in the campaign informed the victims that they have won prize money organized by Yahoo and worth hundreds of thousands of dollars. It asks the recipients to send their personal details and the bank details, claiming to transfer the winning prize money to the account. In addition, the email contains a warning that the victim must not tell people about winning the prize because of legal issues.

DHL reached second position in Q4 with 16% of all brand phishing attempts, ahead of Microsoft in the third place with 11%.

Technology was the most likely industry to be imitated by brand phishing this quarter, followed by Shipping and Social Networks.

Top Phishing brands

Below are the top 10 brands ranked by their overall appearance in brand phishing events during Q4 2022:

Instagram Phishing Email – Account Theft Example

As part of campaigns using Instagram’s branding, we observed a malicious phishing email that was sent from [email protected][.]com“. The email was sent with the subject “blue badge form”, and the content (see Figure 1) tries to persuade the victim to click on a malicious link claiming that the victim’s Instagram account has been reviewed by the Facebook team (the owner of the Instagram brand) and has been deemed eligible for the Blue Badge. To receive the badge, they need to fill out a form. The link leads to a malicious website “https://www[.]verifiedbadgecenters[.]xyz/contact/” that requires to enter the victim’s username and password (figure 2).

Figure 1: The malicious email which contained the subject “blue badge form”

Figure 2: fraudulent login page “https://www[.]verifiedbadgecenters[.]xyz/contact/”

Microsoft Teams Phishing Email – Account Theft Example

In this phishing email, we see an attempt to steal a user’s Microsoft account information. The email (see Figure 3) which was sent from the address “[email protected][.]com[.]my“ under a fake sender’s name – “Teams”, contained the subject “you have been added to a new team”.

The attacker tries to lure the victim to click on the malicious link claiming that they have been added to a new team in the app. Choosing to Confirm the collaboration leads to the malicious website “https://u31315517[.]ct[.]sendgrid[.]net/ls/click” which is no longer active.

Figure 3: The malicious email which contained the subject “you have been added to a new team”