Brand impersonation attacks, when adversaries attempt to mimic the website or domain of a well-known brand by using a similar domain name and webpage designed like the actual site, remain one of the most deceptive forms of phishing. A recent report from the IT company Check Point identifies the top brands criminals impersonated in brand phishing attacks in the third quarter of 2022.

In the third quarter of this year, DHL was the top brand impersonated by cyber threat actors, accounting for 22 percent of all phishing attempts worldwide. According to Check Point, DHL’s increase “could be due in part to a major global scam and phishing attack that the logistics giant warned about itself just days before the quarter started.” The second most impersonated brand was Microsoft, compromising 16 percent of attacks, and LinkedIn has fallen into third place, accounting for just 11 percent of scams, compared to 52 percent in Q1 and 45 percent in Q2. Other top impersonated brands include Google, Netflix, Walmart, WhatsApp, and Instagram.

Additionally, the report features an example of a brand phishing attack where DHL users are contacted via an official-looking email in an attempt to lure them to click on a malicious link to “update their delivery.” After clicking on the link, users are taken to a malicious website and prompted to log-in to the site via a fake portal where their credentials are harvested. To defend against this activity, members are reminded to always be wary of messages that require urgent actions and ones that ask a user to click on a link or open an attachment. Users should reach out to the purported sender via another means of communication to confirm its authenticity. Read more at Check Point.