Check Point Research issues its Q2 Brand Phishing Report, highlighting the brands that cyber criminals most often imitate to trick people into giving up their personal data
SAN CARLOS, Calif., July 19, 2022 (GLOBE NEWSWIRE) -- Check Point Research (CPR), the Threat Intelligence arm of Check PointÂŽ Software Technologies Ltd. ( CHKP) and a leading provider of cyber security solutions globally, has published its Brand Phishing Report for Q2 2022. The report highlights the brands that were most frequently imitated by cybercriminals in their attempts to steal individualsâ personal information or payment credentials over the quarter.
The social media platform LinkedIn continued its reign as the most imitated brand after entering the rankings for the first-time in Q1. While its share has dropped slightly; down from 52% in Q1 to 45% of all phishing attempts in Q2, this is still a worrying trend that highlights the ongoing risks facing users of the trusted social media platform. Social networks generally continue to be the most imitated category, followed by technology which, this quarter, took over second place from shipping.
The most striking rise in technology household names being exploited was Microsoft, making up 13% of all brand phishing attempts, more than double the amount in the previous quarter and edging DHL into third place with 12%. Some new brands entering the top 10 were: Adidas, Adobe and HSBC although all on low single digits, these brands will be followed closely by researchers in Q3 for any developments.
The increase in the use of Microsoft related scams is a danger to both individuals and organizations. Once someone has hold of your account login details, they have access to all the applications behind it, such as Teams and SharePoint, as well as the obvious risk of compromise to your Outlook email account. The report highlights a specific example of an Outlook phishing email luring users to a fraudulent Outlook web page with the subject line: â[Action Required] Final Reminder - Verify your OWA Account nowâ, asking the victim to enter their login credentials.
LinkedIn based phishing campaigns imitated the style of communication of the professional social media platform with malicious emails using subjects like: âYou appeared in 8 searches this weekâ or âYou have one new messageâ or âIâd like to do business with you via LinkedIn.â Although appearing to come from LinkedIn they used an email address that was completely different to that of the brand.
Meanwhile, with the relentless trend to online shopping, it is not surprising that Q2 also saw shipping company DHL being faked in 12% of all phishing attacks. The report specifically references a tracking related phishing scam, with the subject line âIncoming Shipment Notificationâ, enticing the consumer to click on a malicious link.
âPhishing emails are a prominent tool in every hackerâs arsenal as they are fast to deploy and can target millions of users at relatively low cost,â said Omer Dembinsky, Data Research Group Manager at Check Point Software. âThey give cybercriminals the opportunity to leverage the reputation of trusted brands to give users a false sense of security that can be exploited to steal personal or commercial information for financial gain.
âThe criminals will use any brand with sufficient reach and consumer trust. Hence, we see hackers expanding their activities with the first appearance of Adidas, Adobe, and HSBC in the top 10, The hackers trade on our trust in these brands and that very human instinct for âthe deal.â Thereâs a reason the hackers continue to use brand-based phishing. It works. So, consumers need to act with caution and look out for tell-tale signs of the fake email, like poor grammar, spelling mistakes or strange domain names. If in doubt head for the brandâs own website rather than clicking any links.â
A brand phishing attack not only takes advantage of our implicit trust in a familiar brand, adopting its brand imagery often using a similar URL, it also plays on human emotions, like the fear of missing out on a discount. The sense of urgency this creates leads consumers to click in haste without first checking if the email is from the brand in question. This could lead to them inadvertently downloading malware or handing over precious personally identifiable information which can give criminals access to their entire online world and potential financial loss.
Top phishing brands in Q2 2022
Below are the top brands ranked by their overall appearance in brand phishing attempts:
- LinkedIn (45%)
- Microsoft (13%)
- DHL (12%)
- Amazon (9%)
- Apple (3%)
- Adidas (2%)
- Google (1%)
- Netflix (1%)
- Adobe (1%)
- HSBC (1%)
LinkedIn Phishing Email- Account Theft Example
During the Q2 of 2022, we observed a malicious phishing email that used LinkedInâs branding. The phishing email was sent from a webmail address and spoofed to appear as if it was sent from âLinkedIn Security ([email protected][.]ec)â. The email contained the subject âLinkedIn Notice!!!â, and the content tries to entice the victim to click on a malicious link under the guise of updating their LinkedIn account version. This click will lead to the link âhttps://lin882[.]webnode[.]page/â, where the victim is then required to enter their LinkedIn account information.
DHL Phishing Email â Account Theft Example
During the second quarter of 2022, we observed a malicious phishing email that used DHLâs branding. The phishing email was sent from a webmail address and spoofed to appear as if it was sent from âDHL EXPRESS (track@harbormfreight[.]com)â. The email contained the subject line âIncoming Shipment Notificationâ, and the content tries to persuade the victim to click on a malicious link that leads them to âhttps:// delicate-sea-3417.on.fleek.coâ. The victim is then required to enter their username and password.
Outlook Phishing Email - Account Theft Example
In this phishing email, we see an attempt to steal a userâs Outlook account information. The email which was sent from the email address âOutlook OWA ([email protected])â, contained the subject line â[Action Required] Final Reminder - Verify your OWA Account nowâ. The attacker was trying to lure the victim to click on a malicious link, which redirects the user to a fraudulent Outlook web app login page. In the malicious link (jfbfstxegfghaccl-dot-githu-dir-aceui-xoweu[.]ue[.]r[.]appspot[.]com), the user needed to enter their username and password.
Amazon Phishing Email - Billing Information Theft Example
In this phishing email, we see an attempt to steal a userâs billing information. The email which was sent from the email address âAmazon (fcarvache@puertoesmeraldas[.]gob[.]ec)â, contained the subject line âYour amazon account verificationâ. The title of the email and its contents are an attempt by the attacker to entice the victim to click on a malicious link âhttps://main.d1eoejahlrcxb.amplifyapp[.]comâ, which redirects the user to a fraudulent page asking to enter billing information.
Follow Check Point Research via:
Blog: https://research.checkpoint.com/
Twitter: https://twitter.com/_cpresearch_
About Check Point Research
Check Point Research provides leading cyber threat intelligence to Check Point Software customers and the greater intelligence community. The research team collects and analyzes global cyber-attack data stored on ThreatCloud to keep hackers at bay, while ensuring all Check Point products are updated with the latest protections. The research team consists of over 100 analysts and researchers cooperating with other security vendors, law enforcement and various CERTs.
About Check Point Software Technologies Ltd.
Check Point Software Technologies Ltd. (www.checkpoint.com) is a leading provider of cyber security solutions to corporate enterprises and governments globally. Check Point Infinity´s portfolio of solutions protects enterprises and public organizations from 5th generation cyber-attacks with an industry leading catch rate of malware, ransomware and other threats. Infinity comprises three core pillars delivering uncompromised security and generation V threat prevention across enterprise environments: Check Point Harmony, for remote users; Check Point CloudGuard, to automatically secure clouds; and Check Point Quantum, to protect network perimeters and datacenters, all controlled by the industryâs most comprehensive, intuitive unified security management. Check Point protects over 100,000 organizations of all sizes.
MEDIA CONTACT:
Emilie Beneitez Lefebvre
Check Point Software Technologies Technologies
[email protected] INVESTOR CONTACT:
Kip E. Meintzer
Check Point Software Technologies
[email protected]
SAN CARLOS, Calif., July 19, 2022 (GLOBE NEWSWIRE) -- Check Point Research (CPR), the Threat Intelligence arm of Check PointÂŽ Software Technologies Ltd. ( CHKP) and a leading provider of cyber security solutions globally, has published its Brand Phishing Report for Q2 2022. The report highlights the brands that were most frequently imitated by cybercriminals in their attempts to steal individualsâ personal information or payment credentials over the quarter.
The social media platform LinkedIn continued its reign as the most imitated brand after entering the rankings for the first-time in Q1. While its share has dropped slightly; down from 52% in Q1 to 45% of all phishing attempts in Q2, this is still a worrying trend that highlights the ongoing risks facing users of the trusted social media platform. Social networks generally continue to be the most imitated category, followed by technology which, this quarter, took over second place from shipping.
The most striking rise in technology household names being exploited was Microsoft, making up 13% of all brand phishing attempts, more than double the amount in the previous quarter and edging DHL into third place with 12%. Some new brands entering the top 10 were: Adidas, Adobe and HSBC although all on low single digits, these brands will be followed closely by researchers in Q3 for any developments.
The increase in the use of Microsoft related scams is a danger to both individuals and organizations. Once someone has hold of your account login details, they have access to all the applications behind it, such as Teams and SharePoint, as well as the obvious risk of compromise to your Outlook email account. The report highlights a specific example of an Outlook phishing email luring users to a fraudulent Outlook web page with the subject line: â[Action Required] Final Reminder - Verify your OWA Account nowâ, asking the victim to enter their login credentials.
LinkedIn based phishing campaigns imitated the style of communication of the professional social media platform with malicious emails using subjects like: âYou appeared in 8 searches this weekâ or âYou have one new messageâ or âIâd like to do business with you via LinkedIn.â Although appearing to come from LinkedIn they used an email address that was completely different to that of the brand.
Meanwhile, with the relentless trend to online shopping, it is not surprising that Q2 also saw shipping company DHL being faked in 12% of all phishing attacks. The report specifically references a tracking related phishing scam, with the subject line âIncoming Shipment Notificationâ, enticing the consumer to click on a malicious link.
âPhishing emails are a prominent tool in every hackerâs arsenal as they are fast to deploy and can target millions of users at relatively low cost,â said Omer Dembinsky, Data Research Group Manager at Check Point Software. âThey give cybercriminals the opportunity to leverage the reputation of trusted brands to give users a false sense of security that can be exploited to steal personal or commercial information for financial gain.
âThe criminals will use any brand with sufficient reach and consumer trust. Hence, we see hackers expanding their activities with the first appearance of Adidas, Adobe, and HSBC in the top 10, The hackers trade on our trust in these brands and that very human instinct for âthe deal.â Thereâs a reason the hackers continue to use brand-based phishing. It works. So, consumers need to act with caution and look out for tell-tale signs of the fake email, like poor grammar, spelling mistakes or strange domain names. If in doubt head for the brandâs own website rather than clicking any links.â
A brand phishing attack not only takes advantage of our implicit trust in a familiar brand, adopting its brand imagery often using a similar URL, it also plays on human emotions, like the fear of missing out on a discount. The sense of urgency this creates leads consumers to click in haste without first checking if the email is from the brand in question. This could lead to them inadvertently downloading malware or handing over precious personally identifiable information which can give criminals access to their entire online world and potential financial loss.
Top phishing brands in Q2 2022
Below are the top brands ranked by their overall appearance in brand phishing attempts:
- LinkedIn (45%)
- Microsoft (13%)
- DHL (12%)
- Amazon (9%)
- Apple (3%)
- Adidas (2%)
- Google (1%)
- Netflix (1%)
- Adobe (1%)
- HSBC (1%)
LinkedIn Phishing Email- Account Theft Example
During the Q2 of 2022, we observed a malicious phishing email that used LinkedInâs branding. The phishing email was sent from a webmail address and spoofed to appear as if it was sent from âLinkedIn Security ([email protected][.]ec)â. The email contained the subject âLinkedIn Notice!!!â, and the content tries to entice the victim to click on a malicious link under the guise of updating their LinkedIn account version. This click will lead to the link âhttps://lin882[.]webnode[.]page/â, where the victim is then required to enter their LinkedIn account information.
DHL Phishing Email â Account Theft Example
During the second quarter of 2022, we observed a malicious phishing email that used DHLâs branding. The phishing email was sent from a webmail address and spoofed to appear as if it was sent from âDHL EXPRESS (track@harbormfreight[.]com)â. The email contained the subject line âIncoming Shipment Notificationâ, and the content tries to persuade the victim to click on a malicious link that leads them to âhttps:// delicate-sea-3417.on.fleek.coâ. The victim is then required to enter their username and password.
Outlook Phishing Email - Account Theft Example
In this phishing email, we see an attempt to steal a userâs Outlook account information. The email which was sent from the email address âOutlook OWA ([email protected])â, contained the subject line â[Action Required] Final Reminder - Verify your OWA Account nowâ. The attacker was trying to lure the victim to click on a malicious link, which redirects the user to a fraudulent Outlook web app login page. In the malicious link (jfbfstxegfghaccl-dot-githu-dir-aceui-xoweu[.]ue[.]r[.]appspot[.]com), the user needed to enter their username and password.
Amazon Phishing Email - Billing Information Theft Example
In this phishing email, we see an attempt to steal a userâs billing information. The email which was sent from the email address âAmazon (fcarvache@puertoesmeraldas[.]gob[.]ec)â, contained the subject line âYour amazon account verificationâ. The title of the email and its contents are an attempt by the attacker to entice the victim to click on a malicious link âhttps://main.d1eoejahlrcxb.amplifyapp[.]comâ, which redirects the user to a fraudulent page asking to enter billing information.
Follow Check Point Research via:
Blog: https://research.checkpoint.com/
Twitter: https://twitter.com/_cpresearch_
About Check Point Research
Check Point Research provides leading cyber threat intelligence to Check Point Software customers and the greater intelligence community. The research team collects and analyzes global cyber-attack data stored on ThreatCloud to keep hackers at bay, while ensuring all Check Point products are updated with the latest protections. The research team consists of over 100 analysts and researchers cooperating with other security vendors, law enforcement and various CERTs.
About Check Point Software Technologies Ltd.
Check Point Software Technologies Ltd. (www.checkpoint.com) is a leading provider of cyber security solutions to corporate enterprises and governments globally. Check Point Infinity´s portfolio of solutions protects enterprises and public organizations from 5th generation cyber-attacks with an industry leading catch rate of malware, ransomware and other threats. Infinity comprises three core pillars delivering uncompromised security and generation V threat prevention across enterprise environments: Check Point Harmony, for remote users; Check Point CloudGuard, to automatically secure clouds; and Check Point Quantum, to protect network perimeters and datacenters, all controlled by the industryâs most comprehensive, intuitive unified security management. Check Point protects over 100,000 organizations of all sizes.
| MEDIA CONTACT: Emilie Beneitez Lefebvre Check Point Software Technologies Technologies [email protected] | INVESTOR CONTACT: Kip E. Meintzer Check Point Software Technologies [email protected] |
