Microsoft, DHL, and LinkedIn Among the Top Brands Exploited in 2020 Phishing Attacks

In early January 2021 security experts with Check Point published their findings on phishing attacks and campaigns in the last quarter of the past year, revealing both some interesting new trends and some unchanged chart toppers.

The company and brand name that are still most heavily spoofed and impersonated by bad actors in phishing campaigns is still the same as it was over the past few quarters. The chart for most heavily exploited and impersonated brand in Q2 2020 is still topped by Microsoft.

This should not be too surprising, given the incredibly widespread adoption of Microsoft's office suite. Company-wide networks that have Microsoft Office 365 installed are one of the most lucrative targets for bad actors and attempting to phish out credentials from regular employees to gain initial access, then work their way from there is one of the favorite attack vectors for threat actors.

Fake Microsoft emails used in phishing campaigns made up for 43% of all phishing activity in the quarter, compared to 19% in Q3. DHL kept the second spot in the chart, with a share of 18% - a twofold quarter over quarter increase from Q3's 9%.

The interesting new trend is the heavy abuse of online retail. Amazon and Ikea weren't even among the top 10 names most heavily used in phishing in Q3, while they took respectively fourth and sixth place in the last quarter of 2020. This can be explained with the massive phishing campaigns that take place during the holiday shopping season.

DHL remaining in the second spot is also not a big surprise. With worldwide Covid-19 lockdowns and a significantly increased rate of online purchasing, from electronics, to everyday items and groceries, delivery services are being used a lot more.

This makes it very natural for bad actors to try and mimic the big, household brands in delivery services such as DHL.

Phishing is the practice of bad actors sending out fake emails that attempt to lure the customer, abusing legitimate company names and logos to get victims to click on links to pages that contain fake login forms that steal credentials.

January 18, 2021