Top brands such as Yahoo (20 percent), DHL (16 percent), Microsoft (11 percent), Google (5.8 percent) and Linkedin (5.7 percent) faced phishing attacks last quarter, according to Check Point Research’s Q4 2022 Brand Phishing Report.
These brands were most frequently imitated by criminals during October-December 2022. Yahoo was the top brand impersonated in phishing attacks last quarter, climbing 23 spots in the ranking from the previous quarter. Cybercriminals are sending emails with subject lines that suggest a recipient has won awards and prize money.
The other most imitated brands are Wetransfer (5.3 percent), Netflix (4.4 percent), FedEx (2.5 percent), HSBC (2.3 percent) and WhatsApp (2.2 percent).
Phishing Attacks
Hackers try to imitate the official website of a well-known brand by using a similar domain name or URL, and web-page design to the genuine site. The link to the fake website can be sent to targeted individuals by email or text message. A user can be redirected during web browsing, or it may be triggered from a fraudulent mobile application. The fake website often contains a form intended to steal users’ credentials, payment details or other personal information.
Yahoo
CPR found campaigns that included malicious phishing emails that used Yahoo’s branding, containing the subject “YAHOO AWARD” which were sent by senders with user names such as “Award Promotion”, “Award Center”, “info winning” or “Award Winning”.
The content of the email distributed in the campaign informed the victims that they have won prize money worth hundreds of thousands of dollars, in contests organized by Yahoo. The email then asks the recipients to send their personal and bank details, claiming this information was necessary to transfer the winning prize money.