Online Shoppers Beware: Scammers Most Likely to Impersonate DHL – Check Point Blog

Check Point’s Brand Phishing Report for Q3 2022 shows DHL as the brand most impersonated in phishing attempts (22%), followed by Microsoft (16%) and LinkedIn (11%); Instagram also enters the top ten due to a blue-badge phishing campaign. The report highlights phishing as the most common social-engineering tactic and urges users to verify delivery communications and avoid sharing personal data in response to suspicious emails. #DHL #Microsoft #LinkedIn #Instagram

Key points

  • DHL accounted for about 22% of all brand phishing attacks in Q3 2022, the highest share among brands.
  • Microsoft ranked second with 16% and LinkedIn third with 11%, down from much higher percentages in earlier quarters.
  • Instagram enters the top ten for the first time in Q3 2022 due to a blue-badge phishing campaign.
  • Shipping remains a top industry target for brand phishing, second only to technology.
  • Phishing is the most common form of social engineering and frequently used to steal credentials and personal data.
  • Examples include DHL and OneDrive impersonation emails that redirect users to fraudulent login pages to harvest credentials.

MITRE Techniques

  • [T1566.002] Spearphishing Link – The campaigns used phishing emails containing malicious links leading to fraudulent login pages to harvest credentials. “This link leads to a malicious website- https://bafybeig4warxkemgy6mdzooxeeuglstk6idtz5dinm7yayeazximd3azai[.]ipfs[.]w3s[.]link/dshby[.]html/”
  • [T1566.003] Spearphishing Via Service – Brand impersonation via webmail/hosting services (e.g., DHL Express from spoofed address and OneDrive lure via Herokuapp) to prompt credential entry. “A document titled ‘Proposal’ has been shared with you on Onedrive” and a fraudulent login page “https://mail-supp-365[.]herokuapp[.]com/”

Indicators of Compromise

  • [Email Address] – info@lincssourcing[.]com, webs [email protected] (phishing sender identities used to impersonate DHL and OneDrive)
  • [URL] – https://bafybeig4warxkemgy6mdzooxeeuglstk6idtz5dinm7yayeazximd3azai[.]ipfs[.]w3s[.]link/dshby[.]html/ (DHL phishing landing page)
  • [URL] – https://mail-supp-365[.]herokuapp[.]com/ (fraudulent login page linked in OneDrive phishing email)
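
Both landing pages above sit on shared hosting (an IPFS gateway and Herokuapp) rather than on the impersonated brand's own domain, which is a pattern a mail filter can check for. The following triage sketch is an added example, not code from the Check Point report; the brand-to-domain map, the finding labels and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumption: domains each brand legitimately uses; extend for your environment.
BRAND_DOMAINS = {
    "dhl": ("dhl.com",),
    "onedrive": ("microsoft.com", "live.com", "sharepoint.com"),
}
# Shared-hosting suffixes taken from the two landing-page IoCs listed above.
SHARED_HOSTS = ("ipfs.w3s.link", "herokuapp.com")
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def host_in(host, domains):
    """True if host equals, or is a subdomain of, any listed domain."""
    return any(host == d or host.endswith("." + d) for d in domains)

def triage(raw):
    """Return (brand, reason, value) findings for a single-part text email."""
    msg = message_from_string(raw.replace("[.]", "."))  # refang defanged input
    display, addr = parseaddr(msg.get("From", ""))
    sender = addr.rpartition("@")[2].lower()
    body = msg.get_payload()
    text = f"{display} {msg.get('Subject', '')} {body}".lower()
    findings = []
    for brand, domains in BRAND_DOMAINS.items():
        if brand not in text:
            continue  # brand not mentioned, nothing to compare against
        if not host_in(sender, domains):
            findings.append((brand, "sender-domain-mismatch", sender))
        for url in URL_RE.findall(body):
            host = (urlsplit(url).hostname or "").lower()
            if host_in(host, SHARED_HOSTS):
                findings.append((brand, "link-on-shared-hosting", host))
            elif not host_in(host, domains):
                findings.append((brand, "link-off-brand", host))
    return findings

# Constructed sample messages (not from the report), written defanged.
SAMPLE_LURE = """From: DHL Express <notice@sender[.]example>
Subject: Your DHL shipment is waiting

Confirm delivery: https://constructedcid[.]ipfs[.]w3s[.]link/track[.]html
"""
SAMPLE_LEGIT = """From: DHL <noreply@dhl[.]com>

Track here: https://www[.]dhl[.]com/track
"""
```

Calling `triage(SAMPLE_LURE)` yields a sender mismatch and a shared-hosting link finding, while `triage(SAMPLE_LEGIT)` yields none; multipart and HTML bodies would need decoding before this check.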

Read more: https://blog.checkpoint.com/2022/10/24/online-shoppers-beware-scammers-most-likely-to-impersonate-dhl/