Check Point: “Our Q2 2022 Brand Phishing Report highlights the brands that were most frequently imitated by cybercriminals in their attempts to steal individuals’ personal information or payment credentials over the quarter. In April, May, and June we observed that the social media platform LinkedIn continued its reign as the most imitated brand after entering the rankings for the first-time in Q1. While its share has dropped slightly; down from 52% in Q1 to 45% of all phishing attempts in Q2, this is still a worrying trend that highlights the ongoing risks facing users of the trusted social media platform. Our research showed that social networks generally continue to be the most imitated category, followed by technology which, this quarter, took over second place from shipping. The most striking rise in technology household names being exploited was Microsoft, making up 13% of all brand phishing attempts, more than double the amount in the previous quarter and edging DHL into third place with 12%. Some new brands entering the top 10 were: Adidas, Adobe and HSBC although all on low single digits, these brands will be followed closely by researchers in Q3 for any developments. The increase in the use of Microsoft related scams is a danger to both individuals and organizations. Once someone has hold of your account login details, they have access to all the applications behind it, such as Teams and SharePoint, as well as the obvious risk of compromise to your Outlook email account. The report highlights a specific example of an Outlook phishing email luring users to a fraudulent Outlook web page with the subject line: “[Action Required] Final Reminder – Verify your OWA Account now”, asking the victim to enter their login credentials.
LinkedIn based phishing campaigns imitated the style of communication of the professional social media platform with malicious emails using subjects like: “You appeared in 8 searches this week” or “You have one new message” or “I’d like to do business with you via LinkedIn.” Although appearing to come from LinkedIn they used an email address that was completely different to that of the brand. Meanwhile, with the relentless trend to online shopping, it is not surprising that our research also saw shipping company DHL being faked in 12% of all phishing attacks. The report specifically references a tracking related phishing scam, with the subject line “Incoming Shipment Notification”, enticing the consumer to click on a malicious link…”