Twenty-two percent of all brand phishing attempts around the world between July and September have been attributed to DHL, making the logistics firm the most impersonated brand in phishing emails in the third quarter, followed by Microsoft and LinkedIn, which was the most spoofed brand during the first two quarters of 2022, The Register reports.
Malicious actors involved in one of the phishing campaigns involving DHL impersonated DHL Express in a message luring recipients into clicking a malicious link for updating delivery addresses, which instead redirects to a fraudulent website seeking victims' names and passwords, which are then harvested to facilitate further compromise, according to a Check Point report.
Researchers also found that a phony OneDrive email had been used in a separate phishing campaign that sought to exfiltrate Microsoft account information.
"Think twice before opening email attachments or links, especially emails that claim to be from companies such as DHL, Microsoft or LinkedIn," said Check Point.