The next time something shows up in your email inbox that claims to be from Yahoo!, DHL, Microsoft, Google, or LinkedIn, resist clicking on it. In Check Point Research’s (CPR) latest Brand Phishing Report, those five brands are the ones most frequently imitated by criminals during the last quarter.
Yahoo became the top brand impersonated in phishing attacks, climbing 23 spots and accounting for 20% of all brand phishing attempts. DHL, which also turned up in a "BHL" impersonation scheme, was second with 16% of the attempts.
Rounding out the Top 10 were WeTransfer (5.3%), Netflix (4.4%), FedEx (2.5%), HSBC (2.3%), and WhatsApp (2.2%).
Guess what – you’ve just won!
CPR said the attacks share essentially the same lure: emails with subject lines suggesting the recipient has won an award or prize money. In Yahoo!'s case, CPR found the predominant subject line was "YAHOO AWARD", sent under display names such as "Award Promotion", "Award Center", "info winning" or "Award Winning".
For most people, an email saying they have "won" prize money running into the hundreds of thousands of dollars is hard to ignore entirely. But the con unfolds quickly: the message asks recipients to send their personal and bank details, claiming the information is needed to transfer the prize money to their account.
Most of that is a familiar routine, but the analysts said these emails also carried a warning that the recipient, that is, the victim, must not tell anyone about winning the prize, supposedly because of legal issues. The secrecy demand is an isolation tactic: if the victim mentions the "win" to a friend or colleague, that person is likely to point out what is really going on, the victim stops, and the scammer walks away with nothing.
The Instagram hook
CPR's analysts said the hook scammers used for Instagram was built on the subject "blue badge form." The blue badge is the small blue checkmark that appears next to an Instagram account's name in search and on its profile; it means Instagram has confirmed the account is the authentic presence of the public figure, celebrity, or brand it represents.
Here the scammers target people they expect would like the status of a blue badge. The email's aim is to get the victim to click a malicious link, on the claim that their Instagram account has been reviewed and approved by Facebook, Instagram's owner.
The link leads to a form asking for specific personal details. Submitting the form hands whatever was entered straight to the cybercriminals behind the campaign. The check worth making before clicking is where the link actually points: a "verification" form hosted anywhere other than an Instagram or Facebook domain is the giveaway.
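Both lures described above, the prize-money email and the blue badge form, share a few observable traits: a brand named in the display name or subject while the mail arrives from an unrelated domain, award or prize wording, a request for bank details, a secrecy instruction, and a "verification" link that points off-brand. The following triage script, added here as an illustration and not Check Point's or any vendor's detection logic, scores constructed sample messages on those traits. The brand-to-domain mapping, the keyword lists and the three sample emails are assumptions made up for the example.

```python
"""
Heuristic triage for brand-impersonation lures of the kind described in the
report. Added example, not Check Point's detection logic. The BRAND_DOMAINS
map, the keyword patterns and the SAMPLES below are constructed assumptions.
"""
import re
from email.utils import parseaddr
from urllib.parse import urlparse

# Brands named in the report, mapped to the domains assumed to send legitimate
# mail for them (assumption for this example, not from the report).
BRAND_DOMAINS = {
    "yahoo": {"yahoo.com", "yahoo-inc.com"},
    "dhl": {"dhl.com"},
    "instagram": {"instagram.com", "mail.instagram.com"},
    "facebook": {"facebook.com", "facebookmail.com"},
}

PRIZE_WORDS = re.compile(r"\b(award|prize|winning|winner|won)\b", re.I)
BANK_WORDS = re.compile(r"\b(bank (details|account)|account number|iban|swift)\b", re.I)
SECRECY_WORDS = re.compile(r"\b(must not|do not|don't) (tell|disclose|inform)\b|\bconfidential\b", re.I)
BADGE_WORDS = re.compile(r"\bblue badge\b|\bverified badge\b", re.I)


def registrable(host):
    """Crude registrable-domain extraction (last two labels); enough for the samples."""
    parts = host.lower().split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def brands_mentioned(text):
    low = text.lower()
    return [b for b in BRAND_DOMAINS if b in low]


def score_message(msg):
    """Return (score, reasons) for one message dict with from/subject/body/links."""
    reasons = []
    name, addr = parseaddr(msg["from"])
    sender_domain = registrable(addr.rsplit("@", 1)[-1]) if "@" in addr else ""
    text = f"{name} {msg['subject']} {msg['body']}"

    # 1. A brand is claimed in the visible text but the mail comes from elsewhere.
    for brand in brands_mentioned(text):
        if sender_domain not in BRAND_DOMAINS[brand]:
            reasons.append(f"claims {brand} but sent from {sender_domain or 'no domain'}")
    # 2. Award/prize wording in the sender name or subject (the "YAHOO AWARD" pattern).
    if PRIZE_WORDS.search(name + " " + msg["subject"]):
        reasons.append("prize/award lure in sender name or subject")
    # 3. The "send us your bank details to receive the money" step.
    if BANK_WORDS.search(msg["body"]):
        reasons.append("asks for bank details")
    # 4. Secrecy instruction that isolates the victim from anyone who would spot the scam.
    if SECRECY_WORDS.search(msg["body"]):
        reasons.append("tells recipient to keep the 'win' secret")
    # 5. Verification-badge hook whose link lands on a non-brand host.
    if BADGE_WORDS.search(text):
        for url in msg.get("links", []):
            host = registrable(urlparse(url).hostname or "")
            if not any(host in domains for domains in BRAND_DOMAINS.values()):
                reasons.append(f"badge lure links to {host}")
    return len(reasons), reasons


# Constructed sample messages: two lures modelled on the report, one benign mail.
SAMPLES = [
    {
        "from": '"Award Promotion" <info.winning@example-promo.net>',
        "subject": "YAHOO AWARD",
        "body": ("Congratulations, you have won $850,000 in the Yahoo award. Send your name, "
                 "address and bank account number so we can transfer the prize. "
                 "You must not tell anyone about this award because of legal issues."),
        "links": [],
    },
    {
        "from": '"Instagram Support" <noreply@verify-badge-form.example>',
        "subject": "blue badge form",
        "body": ("Your Instagram account has been reviewed and approved by Facebook. "
                 "Complete the blue badge form to receive your verified badge."),
        "links": ["https://verify-badge-form.example/form"],
    },
    {
        "from": '"Yahoo" <no-reply@yahoo.com>',
        "subject": "Your account statement",
        "body": "Here is your monthly statement.",
        "links": [],
    },
]

if __name__ == "__main__":
    for sample in SAMPLES:
        score, why = score_message(sample)
        print(f"{score}  {sample['subject']!r}: {'; '.join(why) or 'no indicators'}")
```

The brand-versus-sender-domain check is the one that generalises beyond the keyword lists: a lure can drop the word "award", but it cannot claim to be Yahoo or Instagram while sending from a matching domain without controlling that domain. In a real deployment the registrable-domain logic should come from a public-suffix list rather than the two-label shortcut used here.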