Threat Intel Flash: Sisense Data Compromise: ARC Labs Intelligence Flash

Get the Latest


DHL Moves to Top Spoofed Company in Phishing Campaigns for Quarter 4 2021

According to researchers at CheckPoint, DHL was the number one most spoofed company for phishing campaigns in the fourth quarter of 2021, pushing Microsoft to number two. According to researchers, this jump is due to the holiday shopping that is typically done around that time. Since DHL is an international shipping company, it is likely that this is the reason threat actors began spoofing them. The lures used in campaigns range from packages that are stuck at customs to embedded tracking numbers. The top ten spoofed companies were:

  1. DHL (related to 23% of all phishing attacks globally)
  2. Microsoft (20%)
  3. WhatsApp (11%)
  4. Google (10%)
  5. LinkedIn (8%)
  6. Amazon (4%)
  7. FedEx (3%)
  8. Roblox (3%)
  9. PayPal (2%)
  10. Apple (2%)

Analyst Notes

Companies should be aware of the most common types of phishing campaigns in order to tailor their security controls. Proper training for employees should be conducted, which includes teaching them that they should never use their company email to sign up for personal services that are not business-related, and to never re-use their corporate password to sign up for any other online service. Monitoring should also be in place to quickly identify threats in case an employee falls for a phishing campaign. Reporting processes should be defined so employees understand who to contact if they believe they were a victim of a phishing campaign.