Until recently, tech giant Microsoft held the title of being the most impersonated brand by threat actors running phishing campaigns to snare new victims. However, a recent study focused on 2021’s final quarter has shown that the Redmond-based multi-national has been shoved into second place.

The report found that it was logistics enterprise DHL that now commands this unwanted position, with phishing operators using the express mail and international parcel delivery service as a framework for their nefarious scams and schemes.

Why do phishing schemes imitate DHL?

Given that the fourth quarter of the year includes the festive shopping season, Cyber Monday and Black Friday, it is not entirely surprising that this time of the year saw DHL, a company delivering more than 1.6 billion packages per year, being impersonated by malicious actors. With the increased volume of parcels in transit during this period, a natural increase in delivery-based phishing scams is to be expected.

Due to this spike in parcel traffic and popular use of the parcel specialist, phishing operators will be well aware that campaigns that mimic DHL will have a higher success rate of reaching individuals awaiting a package from the company amidst the holidays.

A wide range of phishing lures have been associated with the use of DHL branding. Common tricks involve messages informing customers that their parcel has become stuck with customs and needs action from them to clear it, along with fake tracking numbers that must be accessed via harmful file attachments and links embedded in emails.

The report, compiled by threat intelligence experts at Check Point, found that the top 10 enterprises imitated in 2021’s Q4, from most to least, were DHL, Microsoft, WhatsApp, Google, LinkedIn, Amazon, FedEx, Roblox, PayPal and Apple.

Example of logistics-based phishing attacks

In its phishing report, Check Point outlined a particular attack vector it had identified, which used a spoofed customer support DHL email address.

The bogus email requested that the recipient confirm their identity. This verification process is handled on a dedicated phishing landing page that is designed to look exactly like the legitimate DHL website.

Check Point also detailed a phishing lure associated with the FedEx brand. The email copy states that the logistics company was unable to complete delivery of a parcel and requires the victim to input their personal details. Again, this takes place on a phishing site built to harvest their private credentials.

As many enterprises use the express services of logistics firms like DHL and FedEx, staff managing incoming deliveries onsite must be trained to identify phishing scams that use these companies’ branding and to know how to act accordingly.

Attached files must not be downloaded without verifying their authenticity, and embedded links should never be clicked on. Any searches for parcel numbers or requests for the entry of credentials must only take place after the recipient visits the logistics firm’s official website, inputting it directly into the address bar, rather than following a link. This will guarantee they are on the legitimate website, and not simply giving their details away on a phishing page.
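Staff training can be backed by an automated check at the mail gateway. The following is an added example, not taken from the Check Point report: it flags messages that mention a delivery brand while the sender domain or embedded link hosts fall outside that brand's official domains. The allowlist, the function names and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumed allowlist of official domains per brand; maintain your own.
BRAND_DOMAINS = {"dhl": {"dhl.com"}, "fedex": {"fedex.com"}}
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)


def is_official(host, official):
    """True only for the domain itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in official)


def brand_findings(raw_message):
    """Return (brand, kind, value) tuples for a raw RFC 5322 message."""
    msg = message_from_string(raw_message, policy=policy.default)
    display, addr = parseaddr(str(msg.get("From", "")))
    sender_host = addr.rpartition("@")[2].lower()
    part = msg.get_body(preferencelist=("plain", "html"))
    body = part.get_content() if part is not None else ""
    text = " ".join([display, str(msg.get("Subject", "")), body]).lower()
    # Only trust this header when your own gateway added it.
    auth = str(msg.get("Authentication-Results", "")).lower()
    findings = []
    for brand, official in BRAND_DOMAINS.items():
        if not re.search(r"\b" + re.escape(brand) + r"\b", text):
            continue  # brand is not mentioned, nothing to compare
        if not is_official(sender_host, official):
            findings.append((brand, "sender-domain", sender_host))
        elif "dmarc=pass" not in auth:
            findings.append((brand, "sender-unauthenticated", sender_host))
        for url in URL_RE.findall(body):
            host = (urlsplit(url).hostname or "").lower()
            if not is_official(host, official):
                findings.append((brand, "link-domain", host))
    return findings


# Constructed sample message (example domains, not from the report).
SAMPLE = (
    'From: "DHL Customer Support" <support@dhl-express.example>\n'
    "Subject: Confirm your identity to release your parcel\n"
    "Content-Type: text/plain\n\n"
    "Your parcel is held at customs. Verify here:\n"
    "http://dhl.com.parcel-check.example/verify\n"
)

if __name__ == "__main__":
    for finding in brand_findings(SAMPLE):
        print(finding)
```

The suffix comparison is what catches hosts that merely begin with the brand's domain, such as the constructed `dhl.com.parcel-check.example`. A finding is a reason to quarantine or banner the message, not proof of phishing, since legitimate third parties also mention these brands.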