Phishing 2023: Brands Imitated the Most

A report released by Check Point Research highlights the top-10 brands that cybercriminals imitated to steal personal information from individuals.

Multinational retail giant Walmart, global delivery giant DHL and Microsoft were among the top-10 companies that cybercriminals most frequently mimicked to steal individuals’ personal data or payment credentials, according to the Brand Phishing Report Q1 2023 shared by Check Point Research, a threat intelligence company.

Walmart topped the list with more than 16% of all attempts, moving up from the 13th slot in the fourth quarter of 2022, while DHL retained second place with 13% of phishing attempts from January to March. They were closely followed by Microsoft with 12%, the report said, adding that the technology sector led shipping and retail in such instances.

Walmart and Bank Raiffeisen the worst hit

Walmart’s dubious climb up this ladder was the result of a significant phishing campaign urging victims to click on a malicious survey link relating to ‘the supply system collapse’. The report also highlighted how threat actors are impersonating organizations in the finance sector to steal account details.

Among them, Bank Raiffeisen was the highest-ranked bank on the list, in 8th place. In this phishing campaign, which accounted for 3.6% of phishing attacks in Q1 2023, recipients were encouraged to click on a malicious link, ostensibly to ensure account security. Once a user clicked, however, the details were stolen by the attacker.

Best defense against phishing is knowledge

“Criminal groups orchestrate phishing campaigns to get as many people to part with their personal data as possible,” said Omer Dembinsky, Data Group Manager at Check Point Software. “In some cases, attacks are designed to obtain account information, as seen with the Raiffeisen campaigns. Others are deployed to steal payment details, which we witnessed with popular streaming service Netflix.”

“The best defense against phishing threats, as ever, is knowledge. Employees should be given appropriate training to spot suspicious traits such as misspelled domains, typos, incorrect dates, and other details that can expose a malicious email or link,” he added. In such attacks, criminals imitate the official website of a well-known brand by using a similar domain name or URL and a web-page design that resembles the genuine site. 
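The "misspelled domain" check described above can also be automated. The following is an added example, not code from Check Point or the report: it flags links whose hostname contains a near-match of a brand name but does not sit on that brand's domain. The official domains, the character-swap table and the sample links are assumptions constructed for illustration, and the registered-domain logic is deliberately naive (last two labels).

```python
from urllib.parse import urlsplit

# Assumption: official domains for brands named in the report (not taken from it).
OFFICIAL = {
    "walmart": "walmart.com", "dhl": "dhl.com", "microsoft": "microsoft.com",
    "linkedin": "linkedin.com", "fedex": "fedex.com", "google": "google.com",
    "netflix": "netflix.com", "paypal": "paypal.com",
}
# Common look-alike character swaps, folded back before comparison.
FOLD = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s"))

def fold(label):
    for fake, real in FOLD:
        label = label.replace(fake, real)
    return label

def edit_distance(a, b):  # Levenshtein distance, one row at a time
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_link(url):
    """Return (verdict, brand); verdict is 'official', 'lookalike' or 'unknown'."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    labels = host.split(".")
    registered = ".".join(labels[-2:])  # naive: ignores suffixes such as co.uk
    for brand, domain in OFFICIAL.items():
        if registered == domain:
            return ("official", brand)
    # Brand-like token anywhere left of the TLD on a non-official domain.
    tokens = {fold(t) for label in labels[:-1] for t in (label, *label.split("-"))}
    for brand in OFFICIAL:
        near = 1 if len(brand) >= 5 else 0  # short names: exact match only
        if any(edit_distance(t, brand) <= near for t in tokens):
            return ("lookalike", brand)
    return ("unknown", None)

# Constructed sample links (not from the report).
SAMPLES = [
    "https://www.netflix.com/login",
    "http://netfl1x-billing.example/update",
    "https://login.microsoft.com.account-verify.example/",
]
for url in SAMPLES:
    print(check_link(url), url)
```

A production check would use the Public Suffix List to find the registered domain and an allow-list maintained by the organization rather than the table above.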

An innocuous email can clean up your bank

The link to the fake website can be sent to targeted individuals by email or text message, a user can be redirected during web browsing, or it may be triggered from a fraudulent mobile application. The fake website often contains a form intended to steal users’ credentials, payment details or other personal information, the report said. Top phishing brands include: 

  • Walmart (relating to 16% of all phishing attacks globally)
  • DHL (13%)
  • Microsoft (12%)
  • LinkedIn (6%)
  • FedEx (4.9%)
  • Google (4.8%)
  • Netflix (4%)
  • Raiffeisen (3.6%)
  • PayPal (3.5%)

Elaborating on the first-quarter attacks, the report said its cybersecurity experts detected a fraudulent email that used Netflix’s branding to deceive individuals. The email, which looked like one from Netflix, was sent from a suspicious webmail address and carried the subject line “Update Required – Account on Hold”.

The email suggested that the recipient’s Netflix account had been suspended due to a failure to authorize payment for the next billing cycle. It then provided a link to renew the subscription and asked the recipient to enter accurate payment details; the link led to a malicious website that stole the payment data.

In the past, Check Point Research has provided leading cyber threat intelligence. The research team collects and analyzes global cyber-attack data stored on ThreatCloud to keep hackers at bay, while ensuring all Check Point products are updated with the latest protections. 
