International courier and package delivery company DHL heads the list of most imitated brands by phishers and malware peddlers in Q4 2021, according to Check Point Research.
“FedEx also appeared in the top ten list for the first time in Q4 2021, no doubt the result of threat actors trying to target vulnerable online shoppers in the run-up to the festive season as the pandemic remained a key concern,” the company has noted.
Malicious emails impersonating those two brands include a fake shipment notification from a spoofed email address impersonating DHL Customer Support and leading targets to a fraudulent login page asking for users’ email and password, and a fake “Failed Delivery” email supposedly from FedEx that urged users to ostensibly download shipment documentation in form of a .rar file, which actually contained the SnakeKeylogger malware.
Top phishing brands in Q4 2021
DHL topped the list of top phishing brands in Q4 2021 with 23% of all phishing attacks globally. It is followed by a perennial favorite: Microsoft (20%, down from 29% in Q3 2021).
“In a brand phishing attack, criminals try to imitate the official website of a well-known brand by using a similar domain name or URL and web-page design to the genuine site,” the company said, noting that the link to the fake website can delivered via email or text message, or that targets can be redirected to it during web browsing or by a fraudulent mobile application.
You should always be extra careful when asked to enter login credentials, payment details or other personal information, especially if you haven’t landed on that particular page intentionally and deliberately.
Be wary of messages that demand urgent action, and don’t follow links or download attachments delivered via unsolicited emails. Instead, find the official website of the professed sender yourself and log in there – if the notification is legitimate, it will wait for you in the account and you can proceed doing what needs to be done.