Yahoo has been the most imitated brand by cybercriminals to try to steal personal information or bank passwords in the last quarter of last year. they were behind DHL and Microsoft.
Tech brands were the most used to try to deceive users, according to the Brand Phishing Report of the Threat Intelligence division of Check Point Software Technologies, a company specializing in cybersecurity.
Yahoo moved up 23 spots and has been involved in 20% of all information theft attempts. Cybercriminals distributed emails with issues related to rewards or money from senders such as “Rewards Promotion” or “Rewards Center”.
The content of the message reported a prize organized by Yahoo, worth hundreds of thousands of dollars and requested in response the personal data and bank details for the transfer of the cash prize. The email also contained a confidentiality notice for legal reasons, thus trying to prevent the “lucky ones” from sharing this information.
DHL is in second place, with 16% of all attempts, ahead of Microsoft, which is in third place (11%).
LinkedIn it returned to the list again this quarter, reaching fifth place with 5.7%.
DHL’s popularity may be due to the busy online shopping season surrounding Black Friday and Cyber Monday in the US, where cybercriminals use the brand to generate notifications of “Fake” deliveries.
“We’re seeing how attackers use prizes and large sums of money as bait. You have to remember that if something sounds too good to be true, it’s almost always a lie,” says Omer Dembinsky of Check Point Software.
To protect yourself from a branded phishing attack, avoid clicking suspicious links or attachments, always check the URL of the page they lead to, and never share personal or banking information, he adds.
The list of the 10 most used brands for stealing is completed with We transfer (5.3%), Netflix (4.4%), fedex (2.5%), HSBC extension (2.3%) and Whatsapp (2.2%).
Examples of phishing
Check Point Research researchers observed a malicious phishing campaign using the brand instagram which was sent by “[email protected][.]com” with subject “blue badge form” (the tilde that certified users receive), and the content tried to convince the victim to click on a malicious link by claiming that his account had been reviewed by the Facebook team (owner of the Instagram brand) and deemed eligible for the blue sticker .
We also discovered an attempted theft attempting to steal a user’s Microsoft account information. The email was sent with a fake sender – “Teams” with the matter “You have been added to a new team.”
The attacker tries to trick the victim into clicking on the malicious link by claiming that they have been added to a new computer in the app. Choosing to confirm cooperation leads to a malicious website.
Linda Price is a tech expert at News Rebeat. With a deep understanding of the latest developments in the world of technology and a passion for innovation, Linda provides insightful and informative coverage of the cutting-edge advancements shaping our world.