DHL dethrones Microsoft as most imitated brand in phishing attacks

DHL was the most imitated brand in phishing campaigns throughout Q4 2021, pushing Microsoft to second place, and Google to fourth.

This isn't surprising considering that the final quarter of every year includes the Black Friday, Cyber Monday, and Christmas shopping season, so phishing lures based on package deliveries naturally increase.

DHL is an international package delivery and express mail service, delivering over 1.6 billion parcels per year.

As such, phishing campaigns impersonating the brand have good chances of reaching people who are waiting for a DHL package to arrive during the holiday season.

The specific lures range from a package that is stuck at customs and requires action for clearance to supposed tracking numbers that hide inside document attachments or embedded links.

According to a report by threat intelligence firm Check Point, the top ten brands impersonated by phishing actors in Q4 2021 are the following: 

In an example presented on the Check Point report, a phishing campaign used spoofed DHL customer support email addresses to send the "shipment notification" message, as shown below.

Phishing email impersonating DHL
Source: Check Point

In this case, the email requests the user to verify their identity, which takes place on a phishing page that is made to look exactly like the real DHL site.

Comparison between fake and real DHL sites
Source: Check Point

In the FedEx lures sampled by CheckPoint, the actors claim to be unable to deliver the parcel to the recipient, requesting the victim to enter their details on a phishing site.

Finally, there's an ominous PayPal phishing specimen that requests the target to "confirm their account information" to lift a status of temporary suspension.

PayPal phishing lure
Source: Check Point

Keep calm and stay alert

The best way to deal with incoming emails that make bold claims and request immediate action is to be cautious and avoid jumping into immediate action.

Instead, you should open a new browser tab, visit the official website of the alleged sender, confirm the validity of the URL you're at, and only then log in to your account. If any action is required from you, you'll see the relevant alerts right there.

Never click on embedded buttons on emails and avoid downloading and opening documents that arrive via unsolicited communications.

Phishing relies on creating a sense of urgency, so whenever you're dealing with an email that causes you distress, consider the possibility of it being an attempt to trick you into giving away sensitive information.