Image: iStock/OrnRin

Phishing attacks often impersonate a popular brand or product to try to trick people into falling for their scams. But the brands that are most exploited change depending on events in the news, the time of year and other factors. A report released Monday by cyber threat intelligence provider Check Point Research reveals how and why international shipping company DHL was the most spoofed brand in phishing campaigns at the close of 2021.

SEE: Social engineering: A cheat sheet for business professionals (free PDF) (TechRepublic)

For the final quarter of 2021, DHL took over the top spot from Microsoft as the most impersonated brand by cybercriminals using phishing tactics. For the quarter, DHL was spoofed in 23% of all brand phishing attempts, up from just 9% in the year’s previous quarter. At the same time, Microsoft appeared in 20% of all attempts, down from 23% in the prior quarter.

While Microsoft is always a popular target in phishing attacks, DHL grabbed the top spot last quarter due to seasonal reasons. Specifically, the holiday shopping season prompted more consumers to ship items around the world, especially as the pandemic continued to pose a threat. This factor also explains why FedEx joined the top 10 list of most spoofed brands, popping up in 3% of all phishing attempts.

“This quarter, for the first time, we’ve seen global logistics company DHL top the rankings as the most likely brand to be imitated, presumably to capitalize on the soaring number of new and potentially vulnerable online shoppers during the year’s busiest retail period,” said Omer Dembinsky, data research group manager at Check Point Software.

“Older users in particular, who are less likely to be as technologically savvy as younger generations, will be shopping online for the first time and might not know what to look for when it comes to things like delivery confirmation emails or tracking updates,” Dembinsky added. “Furthermore, the rise in COVID cases has people relying on the shipping service more, and cyber criminals are likely trying to capitalize on people choosing to stay indoors more.”

Beyond DHL, Microsoft and FedEx, other brands that appeared on the list included WhatsApp in 11% of phishing attempts, Google in 10%, LinkedIn in 8%, Amazon in 4%, Roblox in 3%, PayPal in 2% and Apple in 2%. The presence of WhatsApp in third place showed that social media apps continue to be a hot target in phishing scams.

SEE: Study: Most phishing pages are abandoned or disappear in a matter of days (TechRepublic)

Among the specific phishing emails examined by Check Point, one used DHL Customer Support as the sender’s name and contained the subject line of “DHL Shipment Notification: xxxxxxxxxx Out for delivery for 15 Dec 21.” Claiming that the victim was due to receive a package, the attacker was trying to lure the recipient to click on a malicious link for a phony DHL webpage to steal their email address and password.

Image: Check Point Research

In a campaign spoofing FedEx, the phishing email used a spoofed address of with a subject line of “Bill of Lading-PL/CI/BL-Documents arrival.” The message asked the recipient to download a file named “shipment docu..rar.” If extracted, the file would infect the computer with the Snake Keylogger malware, which then attempted to steal the person’s account credentials.

Image: Check Point Research

In one campaign spotted in November, a phishing email was sent by a spoofed name of PayPal Service with a subject line of “Confirm your PayPal account (Case ID #XX XXXXXXXXXX).” A malicious link in the message took the recipient to a PayPal login page impersonating the actual site. The user was asked to sign in with their PayPal credentials, which were then captured by the attacker.

Image: Check Point Research

“Unfortunately, there’s only so much brands like DHL, Microsoft and WhatsApp—which represent the top 3 most imitated brands in Q4—can do to combat phishing attempts,” Dembinsky said. “It’s all too easy for the human element to overlook things like misspelt domains, typos, incorrect dates or other suspicious details, and that’s what opens the door to further damage. We’d urge all users to be very mindful of these details when dealing with the likes of DHL in the coming months.”

  • From data to devices: Strengthen your cyber defenses with these security policies (TechRepublic Premium)
  • Warning: 1 in 3 employees are likely to fall for a phishing scam (TechRepublic)
  • How to become a cybersecurity pro: A cheat sheet (TechRepublic)
  • How to report a phishing or spam email to Microsoft (TechRepublic)
  • Cybersecurity and cyberwar: More must-read coverage (TechRepublic on Flipboard)
  • Subscribe to the Cybersecurity Insider Newsletter

    Strengthen your organization's IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices. Delivered every Monday, Tuesday and Thursday

    Subscribe to the Cybersecurity Insider Newsletter

    Strengthen your organization's IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices. Delivered every Monday, Tuesday and Thursday