Bad actors imitated Microsoft in 39% of all global brand phishing attempts, DHL in 18%, Google in 9%, Roblox in 6%, Amazon in 5%, Wells Fargo in 4%, Chase in 2%, LinkedIn in 2%, Apple in 2% and Dropbox in 2%, according to findings published Wednesday by cybersecurity research firm Check Point Research.
"Criminals increased their attempts in Q1 2021 to steal peoples’ personal data by impersonating leading brands, and our data clearly shows how they change their phishing tactics to increase their chances of success.," Omer Dembinsky, Check Point data research manager, said in a Wednesday statement.
He added that leading banks including Wells Fargo and Chase "have now become prime resources for cyber criminals to lure people into brand phishing."
One example of a DHL phishing email Check Point highlighted appeared as though it was coming from the email address "email@example.com" under the subject line "DHL Import Clearance – Consignment : <number>". The body of the email asked users to download a malicious file titled "DHL-IVN.87463.rar."
"Cyber criminals are looking to capitalize on our activities that involve banks such as filing taxes, fielding stimulus checks and ordering home deliveries," Dembinsky said.
Check Point encourages users "to be cautious when divulging personal data and credentials to business applications, and to think twice before opening email attachments or links, especially emails that claim to be from companies, such as Microsoft or DHL, that are the most likely to be impersonated."
The cybersecurity firm also recommends users check for misspellings in emails; do not click on attachments that may contain malware; review email signatures; be wary of threatening language in a subject line, such as "account has been suspended" or "urgent payment request"; and share as little personal information as possible via email.