- Check Point Research reports that Yahoo climbed 23 places while LinkedIn and FedEx returned to the top 10 list after dropping from the ranking in the previous quarter.
Yahoo was the most impersonated brand for phishing attacks during the fourth quarter of last year, climbing 23 places and accounting for 20 per cent of all attempts.
DHL came in second place with 16 per cent of all brand phishing attempts, ahead of Microsoft in the third spot with 11 per cent. LinkedIn also returned to the list this quarter, reaching fifth place with 5.7 per cent. DHL’s popularity could be due to the busy online shopping season surrounding Black Friday and Cyber Monday, with hackers using the brand to generate ‘fake’ deliveries notifications.
Check Point Research (CPR) found cybercriminals distributing emails with subject lines that suggested a recipient had won awards or prize money from senders such as ‘Awards Promotion’ or ‘Award Center’.
The content of the email informed the target that they had won prize money organised by Yahoo, worth hundreds of thousands of dollars. It asked the recipient to send their personal information and bank details, claiming to transfer the winning prize money to the account.
The email also contained a warning that the target must not tell people about winning the prize because of legal issues.
Technology sector the most hit
“We are seeing hackers trying to bait their targets by offering awards and significant amounts of money. Remember, if it looks too good to be true, it almost always is. You can protect yourself from a brand phishing attack by not clicking on suspicious links or attachments and by always checking the URL of the page you are directed to. Look for misspellings and do not volunteer unnecessary information,” Omer Dembinsky, Data Group Manager at Check Point Software, said.
In general, the technology sector was the industry most likely to be imitated by brand phishing in the last quarter of 2022, followed by shipping and social networks.
According to Check Point Research data, global cyberattacks increased by 38 per cent in 2022, compared to 2021.
These cyberattack numbers were driven by smaller, more agile hacker and ransomware gangs, who focused on exploiting collaboration tools used in work-from-home environments, targeting of education institutions that shifted to e-learning post Covid-19.
Healthcare on the radar
This increase in global cyberattacks also stems from hacker interest in healthcare organisations, which saw the largest increase in cyberattacks in 2022, when compared to all other industries.
Global volume of cyberattacks reached an all-time high in Q4 with an average of 1,168 weekly attacks per organisation while the top three most attacked industries in 2022 were Education/Research, Government and Healthcare.
CPR warns that the maturity of AI technology, such as CHATGPT, can accelerate the number of cyberattacks in 2023.
Related posts:
- Steps to prevent identity-based attacks in cybersecurity
- To secure cloud workloads adequately, do we need an “agent or agentless” tooling stack
- The need for predictive tools to combat complex security threats is greater than ever