Yahoo most impersonated brand in Q4 2022 phishing attacks


Yahoo climbed 23 places in Q4 2022 according to Check Point Research

Check Point Research (CPR) has published its Brand Phishing Report for Q4 2022. The report highlights the brands that were most frequently imitated by cybercriminals in their attempts to steal individuals’ personal information or payment credentials during October, November and December of last year.

Yahoo was the most impersonated brand for phishing attacks during Q4 2022, climbing 23 places and accounting for 20% of all attempts. Check Point Research found cybercriminals distributing emails, sent under sender names such as ‘Awards Promotion’ or ‘Award Center’, with subject lines that suggested the recipient had won awards or prize money. The content of the email informed the target that they had won prize money, organized by Yahoo, worth hundreds of thousands of dollars. It asked the recipient to send their personal information and bank details, claiming that the prize money would be transferred to their account. The email also contained a warning that the target must not tell people about winning the prize because of legal issues.

In general, the technology sector was the industry most likely to be imitated by brand phishing in the last quarter of 2022, followed by shipping and social networks. DHL came in second place with 16% of all brand phishing attempts, ahead of Microsoft in the third spot with 11%. LinkedIn also returned to the list this quarter, reaching fifth place with 5.7%. DHL’s popularity could be due to the busy online shopping season surrounding Black Friday and Cyber Monday, with hackers using the brand to generate ‘fake’ delivery notifications.

Omer Dembinsky, Data Group Manager at Check Point Software said: “We are seeing hackers trying to bait their targets by offering awards and significant amounts of money. Remember, if it looks too good to be true, it almost always is. You can protect yourself from a brand phishing attack by not clicking on suspicious links or attachments and by always checking the URL of the page you are directed to. Look for misspellings and do not volunteer unnecessary information.”

Top 10 Most Imitated Brands

Below are the top brands ranked by their overall appearance in brand phishing attempts:

  • Yahoo (20%)
  • DHL (16%)
  • Microsoft (11%)
  • Google (5.8%)
  • LinkedIn (5.7%)
  • WeTransfer (5.3%)
  • Netflix (4.4%)
  • FedEx (2.5%)
  • HSBC (2.3%)
  • WhatsApp (2.2%)

Instagram Phishing Email – Account Theft Example

CPR observed a malicious phishing email campaign that was sent from “badge@mail-ig[.]com”. The email was sent with the subject “blue badge form”, and the content tried to persuade the victim to click on a malicious link claiming that the victim’s Instagram account had been reviewed by the Facebook team (the owner of the Instagram brand) and deemed eligible for the Blue Badge.
