A new report has highlighted the brands which were most frequently imitated by criminals in their attempts to steal individuals’ personal information or payment credentials during July, August and September...with logistics organisation DHL topping the list.

DHL is the most ‘observed brand’ for the quarter after being identified in 22% of worldwide phishing attacks.

Microsoft was seen in 16% of campaigns and LinkedIn was identified in 11%, making them second and third respectively.

The figures identified in Quarter 3 (Q3) of 2022 represent a change in brands identified to be most prevalent across the phishing landscape.

Microsoft remained the top impersonated brand for the majority of 2021, while LinkedIn took top spot for H1 of 2022 (H1 refers to the first half of the year. Thus, H1 corresponds to January, February, March, April, May, and June).

Notably, LinkedIn were seen in 52% in Q1 and 45% for Q2 this year, making a decline to 11% in Q3 a significant reduction.

Whilst this may seem good for the brand, it identifies the fact that threat actors will change their tactics to remain effective.

Whilst email users may have become robust in identifying phishing emails linked to popular brands, their guard could be down when trends shift.

With the Royal Mail strikes currently affecting the UK, there is a realistic possibility that this is used as a method to continue using parcel delivery type phishing subjects in the coming months.

DHL have remained in the top three impersonated brands for the last two years and Microsoft have remained in the top four.

However, the drastic change from LinkedIn moving from 45% in Q2 to only 11% in Q3 of this year, indicates how threat actors will change tactics to remain effective.

It would be beneficial for organisations to make personnel aware of the changing brands in phishing campaigns to help raise awareness and reduce the risks associated with falling foul of such tactics.

Staff Awareness Training

We offer Staff Awareness Training as a service to businesses who want to educate their staff about the tell-tale signs of scams, fraud and potential cyber criminality.

Find out more about Staff Awareness Training…

• Staff/Security Awareness Training: a service overview
• Small businesses should consider Security Awareness Training
• The most frequently asked questions about Security Awareness Training
• Introducing Cyber PATH: A partnership between NCRCG, the CRC network and academia (this initiative now delivers Staff Awareness Training as a service)

Reporting

Report all Fraud and Cybercrime to Action Fraud by calling 0300 123 2040 or online. Forward suspicious emails to report@phishing.gov.uk. Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).